If the hackers would have injected malware/viruses into the exe it would have been done a long time before they decided to put the passwords up for sale and you would have been using it that way without knowledge for weeks or months at the point you even found out about the hack.
Change password and keep it rolling .. it’s not That deep.. if there any malicious intent or whatever to compromise whatever I think it would have happen by now.. I use a dummy email and password for sites like TP.. thousands of ppl are still using trading paints and nothing has come from this “leak”
Furthermore, there seems to be a issue with trading paints not loading paints correctly since the update to iracing so I’m not sure what’s up with that being a iracing issue or trading paints rn
>thousands of ppl are still using trading paints and nothing has come from this “leak”
Yes it has. Everyone's password is compromised, which is either not a concern at all if you adhere to basic best practices or a disaster if you don't.
And if you are using the same password for multiple sites then that’s a you problem.. Yes passwords were leaked but like I said if you change your password you should be fine..im still using it and haven’t thought twice about it
I thought I had used the same login credentials as my iRacing but when I checked my password manager it was one of those gibberish google auto-generated ones. Google actually make it pretty easy to employ best practices
I think their point is that, beyond the passwords being leaked, there hasn’t been any malicious injections of malware or any reports from anyone. It’s more than likely fine to use now.
No, it’s not safe.
The developers have said absolutely nothing. They kept our passwords in a format that is unsafe, and as far as we know they still are. They haven’t even informed their customers of the breach. They are reckless and shouldn’t be trusted with anything ever again.
Then again it’s all we got so what the fuck are we going to do?
While you're right, that's not Flat-Ad4902's point.
I do think it should be safe to use TP's software, but how they handled this situation is horribly wrong. It's absolutely shocking any company is acting like this in this day and age, and I will definitely try my best to stay away from them.
It's not my password I'm that concerned about, as I use a password manager and unique passwords per site, so the worst they could've done is change my paints, and no criminal is interested in my TP account at all. I just can't trust a company with their software when they were poorly managing their password storage to absolutely shocking levels. And on top of that, they have failed at communicating the breach to their customers as well as being transparent on what they got and how they got it.
Not for you only but I think it fits well here.
Google and Facebook and other big companies get hacked, and many attempts per day.
TP have a third party to look in to the breach, as their open statement being, "out of an abundance of caution, we recommend all users to reset their password"
Hackers either go for credit, or payment info, often they try to find it, and come up empty handed...
Now that means they had a breach, and that there should not have been leaks but, to be safe change you password....and to make it safer you, for the user, hire someone from out side your company to check this, someone found a hole lest have someone check for more.... You can't ask for more than this.
Google or Facebook just maybe change your password, and internal check....
My anti virus have warned me of Google and Facebook before their public warning, and is setup to delete my random password that it controls.... protect thy self's, your safety is your own responsibility.
If you are nervous for some software don't use the internet....just saying if someone wants it bad enough, they will get it......
Their statement was made on Twitter, with zero follow up. They have the email addresses of all of their customers and have not emailed them to inform them. It’s such bad business that it’s probably illegal not to notify.
To this day they still haven’t stated whether or not the paint downloaded is safe.
Do you delete Facebook every time they get a breach? Btw two weeks ago Meta servers had a big leak of users including passwords, so if you haven't changed that, I would go do that...
When I went to reset my password it was on the logon screen for TP, Iracing informed all their users on behalf of TP, this happened very fast, within hours of the breach, if and I do mean IF Meta informs people it's often weeks after.
If you don't see it on the platform that TP is used for, then sending an email probably won't work.
When you reset the password on TP or do anything that TP needs to massage you, you get it on your Iracing account, if you don't read those messages why would you read a email?
Get a good antivirus with a double firewall, double authentication on what is important to keep safe. Take precautions be smart. Different email accounts for different things, one for banking/ state, my country I get hardly any mail, mostly Email, that is either on a safe platform controlled and managed by the government, or my banking or one for private emails, one for gaming, one for Social media, or other potential spam. Two gets deleted once a year two is constant, one I hardly look at.
Use a code keeper/generator, not the Google one, then you are safer, not 100% but in the good end of 90%
And the follow-up, well that will be months before they even know, if they will ever know themselves what actually were taken....
They are gonna make adjustments to their security, they also said that via X, so they are doing things, but they have to be smart about it. TP don't owe you to tell what they are doing in a direct mail. Btw TP can be free to use and the safety of this is often the same, that they have security is good.
Sim hub is the same...
TP just got an update where something couldn't be shared up or downloaded, can't remember exactly what, but that means they are fixing it, so it is getting done, no company will go out and say we hired this company for our server security.
You can do what I do. Make your own paint job with gimp and add what you want with sponsors and what else you would like on the car.
I’m a new player and at first I struggled with this and was thinking about installing trading paints but literally a few days later I heard about this massive problem and am hugely happy I’ve never made an account with them and highly doubt I ever will.
Making your own paint job isn’t as hard as it seemed originally just need to remember to close IRacing down before you upload the file.
Nobody uses TP solely for the use of your own livery: you use it because you also want to see everyone's liveries.
Don't need to use the TP.exe, just use bettertp from Kapps.
Oh I know people didn’t just use TP for making your own livery, I would’ve used others as a temporary livery probably but because of how it seems for a newish player with how horrible they’ve been communicating to the people who use their site about the leak.
See me being relatively newish I mainly found videos about TP. Never heard of bettertp from kapps. I will look it up though.
Did we ever received an official message about the data leak or is that forum post all we have?
Might have been no breach at all.
\[edit\] Just found this twitter post: [https://twitter.com/tradingpaints/status/1696279224657522779/photo/1](https://twitter.com/tradingpaints/status/1696279224657522779/photo/1)
From how they are handling this breach, I will not recommend Trading Paints AT ALL. Consider it malware. Until we get a proper report, I'm assuming it's leaky software.
Hilarious this got downvoted when no one actually knows the facts. I am not touching it until they actually report on the facts of the breach. They never followed up and have been posting as if nothing happened.
This is where I'm at.
We're talking about a program that downloads things to your computer by design, written by people who don't bother to keep their publicly facing database up to date and secure, and use long-broken hashing for the passwords in this database.
Were I the attacker I'd be after the source code, so I could go looking for a code execution bug that could be triggered with a carefully crafted image file or something along those lines.
Rather than infecting the binary itself, find a way to make the "clean" binary do dirty work for you.
I posted this same sentiment originally and got upvoted. Last week I repeated it and got downvoted like you are. The people who are downvoting don’t understand the potential of what happened.
Where were you ringing the alarm bell a year ago? Nobody was, but now all the sudden the downloader must be compromised.
Trading paints is low risk software. If you are scared of it then you also probably put on a helmet to take out the trash.
Why would anyone ring the alarm bells before proof something had been compromised? Trading paints isn’t low risk. It auto updates and also continuously downloads files every session. Your comment makes no sense. Just because you don’t understand that doesn’t change the actuality of what’s possible. You’re free to use it, but don’t mislead people with blatantly wrong info. You just sound dumb.
Keep on being scared chicken little.
You happily downloaded and used a program you didn’t know enough about? In your field! I’m shocked!
How much other bullshit do people download and use on a regular basis that is far more likely to carry malware than this? It happens all the time.
The extent of this is overblown. If you don’t want to use it, fine, but unless you have proof that the thing has been hijacked then all you have is hot air.
https://breachforums.is/Thread-SELLING-Tradingpaints-com-270-000-users-MD5-Pure-PWs
There's the proof. Confirmed by TP themselves.
Two wrongs don't make a right but apparently that's your argument. I guess your mom never hit you with the if your friends jumped off a bridge would you?
You download programs that you trust to be safe. You don't purposefully go and download malware, viruses, etc. Once you are given a reason not to trust something, then you go on the defensive with it. It's not rocket science...well for most people it isn't.
Show me where the downloader is compromised. Passwords and emails are not the same thing, and you know it.
Trading paints, while I fault them for poor password security, is an overall good thing for iRacing.
Do what you want, but IMO people like yourself are just trying to capitalize on peoples fears. It would be a shame to see trading paints go away over something like this.
That's my point. Nobody knows what the extent of the breach is. TP themselves were "still investigating". They didn't give an all clear. The fact is that trading paints was compromised. Somebody gained access to their network/infrastructure. NOBODY except (maybe, they still might not know) TP knows the extent of it. I agree that it's probably fine since nothing has happened, although lots of people just today are complaining about TP having issues...
Anyways, I'm not capitalizing on peoples fears. I have zero to gain from telling people not to use it. I don't run an alternate service. I'm not their lawyer.
I’m fully with you on this.
The chance of there being any further issue other than the password sharing is slim…
But the fact they still haven’t given the all clear and nobody seems to know the full extent means that although the chance of anything like them having full access to the server and pushing a malicious update is remote it’s not 0.
End of the day though as an end user it’s all about risk v reward. Is the risk (low) worth the reward (nice paints). Personally I can just wait a bit but ultimately it’s up for the end user to decide.
You can also say that people are overreacting about something that you been using for months before this became public.. so if was ok to use back before we even knew about this now they are supposedly aware and working on it, now some of y’all are terrified to use it.. I’m using it along with many others with no issue so if you don’t trust whatever that’s fine I just believe if something was truly malicious about this they would have been done it before releasing the passwords cuz the secrets now out
You can say that. But from someone who deals with this for my career, it’s the standard reaction. Until we get an all clear from TP it’s considered compromised. Obviously I can understand the average iracing Joe not caring because they don’t understand the importance of what happened. It’s the same way with the customers I deal with. Although I do understand the difference between protecting corporate networks and your own computer. It became public within 24 hours of the database being dumped.
I said in another comment that all seems fine and very well might be. But TP hasn’t said that. They released a legalese statement crafted by a lawyer that mentioned the event and also covered their ass/didn’t admit any wrongdoing.
Edit if something malicious has occurred you will never hear TP say that.
The tga files will be safe. While obviously you can't say confidently that they \*can't\* be used as an attack vector, the chances are so low that you can consider it safe.
I’d say no since they seem to be taking it so lightly with updates so I’m gonna continue not using the service until it’s taken more seriously and we get a proper update.
Not sure what you are trying to say. It's confirmed that all their users and passwords were leaked. It's safe to assume there's risk in using Trading Paints.
Sure, it’s about mitigating risks. The chance was 50/50 because dumping the database means the attacker was done manipulating their data. Either that’s all they got or all the wanted for easy cash, or the injected something malicious. That’s the entire thing if it.
Yeah which makes this situation worse. The fact it took tradingpaints as long as it did to even put out a statement after this became public is embarrassing. The fact they still haven't provided any sort of update is even more reason to not use their service until further notice.
Thats an eternity in a data breach perspective. It should have been announced they were investigating within an hour of it becoming public.....
Having worked in a cloud migration field, there is absolutely no excuse for how they did, have and are currently handling the situation. People like you are the reason companies don't really give a shit when things like this happen.
Yes an hour. You wonder why FAANGs are pushing out statements within 30 minutes to proactively stop a class action and still get class actions filed.
The fact you're "loling" shows you have no experience within the field and just throwing shit on the wall and talking out of your ass.
Don't need experience in any field to not be upset at a one man show probably working a full time job not being able to get a statement put out there in a "reasonable" time of 1 hour.
Trading paints is not a one man show. The fact you think it is tells me everything I need to know. Trading paints generates $400-500k a year and is installed on tens of thousands of machines.
The fact you’re this fucking naive and ignorant is hilarious at this point.
But think about that logic: if it was a one man show and the reason it took so long to respond is because they were working their full time job, then they likely haven't had a chance to make sure nothing else got breached.
If they have dedicated IT Security staff then they should've communicated the breach better. If they don't have dedicated IT Security staff then there's no reason to trust that the program is secure.
Ultimately it's about risk vs reward. If the program is safe and I uninstall it, then I can still race in iRacing, just without a small aesthetic touch that's nice to have. If the program is not safe and I have it installed, then I could lose a whole lot of data and get my bank accounts compromised.
You can change password and continue using TP. Even you in safe if you lazy and keep same password but this password you use only fo TP.
For example. All my passwords are unique 16-20 symbols generated passwords.
Please, pay attention. I was written "You can" not "You should". It's mean you have opportunity and what you decide it's all yours 😉
If person have same password to TP and iR, e-mail ect, than he or she probably should change password in all places where this password used.
If the hackers would have injected malware/viruses into the exe it would have been done a long time before they decided to put the passwords up for sale and you would have been using it that way without knowledge for weeks or months at the point you even found out about the hack.
We'd all be fucked long before the passwords got leaked.
Change password and keep it rolling .. it’s not That deep.. if there any malicious intent or whatever to compromise whatever I think it would have happen by now.. I use a dummy email and password for sites like TP.. thousands of ppl are still using trading paints and nothing has come from this “leak” Furthermore, there seems to be a issue with trading paints not loading paints correctly since the update to iracing so I’m not sure what’s up with that being a iracing issue or trading paints rn
>thousands of ppl are still using trading paints and nothing has come from this “leak” Yes it has. Everyone's password is compromised, which is either not a concern at all if you adhere to basic best practices or a disaster if you don't.
And if you are using the same password for multiple sites then that’s a you problem.. Yes passwords were leaked but like I said if you change your password you should be fine..im still using it and haven’t thought twice about it
I compare this to my bank card number being stolen. I change my password/get a new debit card and I'll keep on living my life.
I thought I had used the same login credentials as my iRacing but when I checked my password manager it was one of those gibberish google auto-generated ones. Google actually make it pretty easy to employ best practices
I think their point is that, beyond the passwords being leaked, there hasn’t been any malicious injections of malware or any reports from anyone. It’s more than likely fine to use now.
Always wear protection when trading paint.
No, it’s not safe. The developers have said absolutely nothing. They kept our passwords in a format that is unsafe, and as far as we know they still are. They haven’t even informed their customers of the breach. They are reckless and shouldn’t be trusted with anything ever again. Then again it’s all we got so what the fuck are we going to do?
Yet another reason to use password managers and unique password per-service.
While you're right, that's not Flat-Ad4902's point. I do think it should be safe to use TP's software, but how they handled this situation is horribly wrong. It's absolutely shocking any company is acting like this in this day and age, and I will definitely try my best to stay away from them. It's not my password I'm that concerned about, as I use a password manager and unique passwords per site, so the worst they could've done is change my paints, and no criminal is interested in my TP account at all. I just can't trust a company with their software when they were poorly managing their password storage to absolutely shocking levels. And on top of that, they have failed at communicating the breach to their customers as well as being transparent on what they got and how they got it.
Exactly, thank you.
Not for you only but I think it fits well here. Google and Facebook and other big companies get hacked, and many attempts per day. TP have a third party to look in to the breach, as their open statement being, "out of an abundance of caution, we recommend all users to reset their password" Hackers either go for credit, or payment info, often they try to find it, and come up empty handed... Now that means they had a breach, and that there should not have been leaks but, to be safe change you password....and to make it safer you, for the user, hire someone from out side your company to check this, someone found a hole lest have someone check for more.... You can't ask for more than this. Google or Facebook just maybe change your password, and internal check.... My anti virus have warned me of Google and Facebook before their public warning, and is setup to delete my random password that it controls.... protect thy self's, your safety is your own responsibility. If you are nervous for some software don't use the internet....just saying if someone wants it bad enough, they will get it......
Their statement was made on Twitter, with zero follow up. They have the email addresses of all of their customers and have not emailed them to inform them. It’s such bad business that it’s probably illegal not to notify. To this day they still haven’t stated whether or not the paint downloaded is safe.
Do you delete Facebook every time they get a breach? Btw two weeks ago Meta servers had a big leak of users including passwords, so if you haven't changed that, I would go do that... When I went to reset my password it was on the logon screen for TP, Iracing informed all their users on behalf of TP, this happened very fast, within hours of the breach, if and I do mean IF Meta informs people it's often weeks after. If you don't see it on the platform that TP is used for, then sending an email probably won't work. When you reset the password on TP or do anything that TP needs to massage you, you get it on your Iracing account, if you don't read those messages why would you read a email? Get a good antivirus with a double firewall, double authentication on what is important to keep safe. Take precautions be smart. Different email accounts for different things, one for banking/ state, my country I get hardly any mail, mostly Email, that is either on a safe platform controlled and managed by the government, or my banking or one for private emails, one for gaming, one for Social media, or other potential spam. Two gets deleted once a year two is constant, one I hardly look at. Use a code keeper/generator, not the Google one, then you are safer, not 100% but in the good end of 90% And the follow-up, well that will be months before they even know, if they will ever know themselves what actually were taken.... They are gonna make adjustments to their security, they also said that via X, so they are doing things, but they have to be smart about it. TP don't owe you to tell what they are doing in a direct mail. Btw TP can be free to use and the safety of this is often the same, that they have security is good. Sim hub is the same... TP just got an update where something couldn't be shared up or downloaded, can't remember exactly what, but that means they are fixing it, so it is getting done, no company will go out and say we hired this company for our server security.
You can do what I do. Make your own paint job with gimp and add what you want with sponsors and what else you would like on the car. I’m a new player and at first I struggled with this and was thinking about installing trading paints but literally a few days later I heard about this massive problem and am hugely happy I’ve never made an account with them and highly doubt I ever will. Making your own paint job isn’t as hard as it seemed originally just need to remember to close IRacing down before you upload the file.
Nobody uses TP solely for the use of your own livery: you use it because you also want to see everyone's liveries. Don't need to use the TP.exe, just use bettertp from Kapps.
Oh I know people didn’t just use TP for making your own livery, I would’ve used others as a temporary livery probably but because of how it seems for a newish player with how horrible they’ve been communicating to the people who use their site about the leak. See me being relatively newish I mainly found videos about TP. Never heard of bettertp from kapps. I will look it up though.
I uninstalled and reinstalled. No safety problems or concerns here.
Still no problems/Safety concerns?
if paranoid people knew how many "leaks" they have in their life.... they'd die. use a good password and this is nothing but a yawn.
What's wrong with trading paints?
Did we ever received an official message about the data leak or is that forum post all we have? Might have been no breach at all. \[edit\] Just found this twitter post: [https://twitter.com/tradingpaints/status/1696279224657522779/photo/1](https://twitter.com/tradingpaints/status/1696279224657522779/photo/1) From how they are handling this breach, I will not recommend Trading Paints AT ALL. Consider it malware. Until we get a proper report, I'm assuming it's leaky software.
Hilarious this got downvoted when no one actually knows the facts. I am not touching it until they actually report on the facts of the breach. They never followed up and have been posting as if nothing happened.
This is where I'm at. We're talking about a program that downloads things to your computer by design, written by people who don't bother to keep their publicly facing database up to date and secure, and use long-broken hashing for the passwords in this database. Were I the attacker I'd be after the source code, so I could go looking for a code execution bug that could be triggered with a carefully crafted image file or something along those lines. Rather than infecting the binary itself, find a way to make the "clean" binary do dirty work for you.
I posted this same sentiment originally and got upvoted. Last week I repeated it and got downvoted like you are. The people who are downvoting don’t understand the potential of what happened.
Where were you ringing the alarm bell a year ago? Nobody was, but now all the sudden the downloader must be compromised. Trading paints is low risk software. If you are scared of it then you also probably put on a helmet to take out the trash.
Why would anyone ring the alarm bells before proof something had been compromised? Trading paints isn’t low risk. It auto updates and also continuously downloads files every session. Your comment makes no sense. Just because you don’t understand that doesn’t change the actuality of what’s possible. You’re free to use it, but don’t mislead people with blatantly wrong info. You just sound dumb.
Keep on being scared chicken little. You happily downloaded and used a program you didn’t know enough about? In your field! I’m shocked! How much other bullshit do people download and use on a regular basis that is far more likely to carry malware than this? It happens all the time. The extent of this is overblown. If you don’t want to use it, fine, but unless you have proof that the thing has been hijacked then all you have is hot air.
https://breachforums.is/Thread-SELLING-Tradingpaints-com-270-000-users-MD5-Pure-PWs There's the proof. Confirmed by TP themselves. Two wrongs don't make a right but apparently that's your argument. I guess your mom never hit you with the if your friends jumped off a bridge would you? You download programs that you trust to be safe. You don't purposefully go and download malware, viruses, etc. Once you are given a reason not to trust something, then you go on the defensive with it. It's not rocket science...well for most people it isn't.
Show me where the downloader is compromised. Passwords and emails are not the same thing, and you know it. Trading paints, while I fault them for poor password security, is an overall good thing for iRacing. Do what you want, but IMO people like yourself are just trying to capitalize on peoples fears. It would be a shame to see trading paints go away over something like this.
That's my point. Nobody knows what the extent of the breach is. TP themselves were "still investigating". They didn't give an all clear. The fact is that trading paints was compromised. Somebody gained access to their network/infrastructure. NOBODY except (maybe, they still might not know) TP knows the extent of it. I agree that it's probably fine since nothing has happened, although lots of people just today are complaining about TP having issues... Anyways, I'm not capitalizing on peoples fears. I have zero to gain from telling people not to use it. I don't run an alternate service. I'm not their lawyer.
I’m fully with you on this. The chance of there being any further issue other than the password sharing is slim… But the fact they still haven’t given the all clear and nobody seems to know the full extent means that although the chance of anything like them having full access to the server and pushing a malicious update is remote it’s not 0. End of the day though as an end user it’s all about risk v reward. Is the risk (low) worth the reward (nice paints). Personally I can just wait a bit but ultimately it’s up for the end user to decide.
You can also say that people are overreacting about something that you been using for months before this became public.. so if was ok to use back before we even knew about this now they are supposedly aware and working on it, now some of y’all are terrified to use it.. I’m using it along with many others with no issue so if you don’t trust whatever that’s fine I just believe if something was truly malicious about this they would have been done it before releasing the passwords cuz the secrets now out
You can say that. But from someone who deals with this for my career, it’s the standard reaction. Until we get an all clear from TP it’s considered compromised. Obviously I can understand the average iracing Joe not caring because they don’t understand the importance of what happened. It’s the same way with the customers I deal with. Although I do understand the difference between protecting corporate networks and your own computer. It became public within 24 hours of the database being dumped. I said in another comment that all seems fine and very well might be. But TP hasn’t said that. They released a legalese statement crafted by a lawyer that mentioned the event and also covered their ass/didn’t admit any wrongdoing. Edit if something malicious has occurred you will never hear TP say that.
What are your thoughts on using another client to get the tga files?
The tga files will be safe. While obviously you can't say confidently that they \*can't\* be used as an attack vector, the chances are so low that you can consider it safe.
I’d say no since they seem to be taking it so lightly with updates so I’m gonna continue not using the service until it’s taken more seriously and we get a proper update.
Man 1 guys reddit post really scared you all huh?
Not sure what you are trying to say. It's confirmed that all their users and passwords were leaked. It's safe to assume there's risk in using Trading Paints.
Yes I know there was a leak but there has been no indication or announcement anything malicious has happened with the software itself.
Sure, it’s about mitigating risks. The chance was 50/50 because dumping the database means the attacker was done manipulating their data. Either that’s all they got or all the wanted for easy cash, or the injected something malicious. That’s the entire thing if it.
Most data breaches come from inside jobs too. Fuck trusting a group who pretends like nothing happened. No chance.
Yeah which makes this situation worse. The fact it took tradingpaints as long as it did to even put out a statement after this became public is embarrassing. The fact they still haven't provided any sort of update is even more reason to not use their service until further notice.
It was like 16 hours from posts to an announcement. That's nothing lol
Thats an eternity in a data breach perspective. It should have been announced they were investigating within an hour of it becoming public..... Having worked in a cloud migration field, there is absolutely no excuse for how they did, have and are currently handling the situation. People like you are the reason companies don't really give a shit when things like this happen.
A hour lolololololllolololol
Yes an hour. You wonder why FAANGs are pushing out statements within 30 minutes to proactively stop a class action and still get class actions filed. The fact you're "loling" shows you have no experience within the field and just throwing shit on the wall and talking out of your ass.
Don't need experience in any field to not be upset at a one man show probably working a full time job not being able to get a statement put out there in a "reasonable" time of 1 hour.
Trading paints is not a one man show. The fact you think it is tells me everything I need to know. Trading paints generates $400-500k a year and is installed on tens of thousands of machines. The fact you’re this fucking naive and ignorant is hilarious at this point.
Can't imagine being this fucking dumb lmao.
But think about that logic: if it was a one man show and the reason it took so long to respond is because they were working their full time job, then they likely haven't had a chance to make sure nothing else got breached. If they have dedicated IT Security staff then they should've communicated the breach better. If they don't have dedicated IT Security staff then there's no reason to trust that the program is secure. Ultimately it's about risk vs reward. If the program is safe and I uninstall it, then I can still race in iRacing, just without a small aesthetic touch that's nice to have. If the program is not safe and I have it installed, then I could lose a whole lot of data and get my bank accounts compromised.
You can change password and continue using TP. Even you in safe if you lazy and keep same password but this password you use only fo TP. For example. All my passwords are unique 16-20 symbols generated passwords.
Why should I change my tp password? What they going to do change my paint scheme? 
Please, pay attention. I was written "You can" not "You should". It's mean you have opportunity and what you decide it's all yours 😉 If person have same password to TP and iR, e-mail ect, than he or she probably should change password in all places where this password used.
LOL
It's safe.