That kind of statement reminds me of this guy:

https://www.wired.com/2010/05/lifelock-identity-theft/

That statement must have given Cloudfare's lawyer an aneurysm.

Seems to me that management's attempt to downplay the problem exposes the company to as much risk as the original technical mistake.

That's terrible... he may as well say "As a representative of the company, I want it to be made clear that I don't treat security seriously".

In trying to downplay it, he's making the matter even worse.

*Article says COO, but Twitter says CTO. Strange.

And he's fairly active on these forums. That seems like such an odd thing to say given how important security is/should be at CF...curious if jgrahamc would further clarify his position here.

Agreed on the importance of security, but if his credentials from outside their network are able to be used in any significant way to impact their services or systems then they're doing something tragically wrong. For that matter if his credentials can be used anywhere to impact their services it's a failure.

As far as I can tell he's basically 2nd-in-command.

That seems like a reasonably unwise thing to say. It would be absolutely reasonable for someone to change there passwords after breach.

By citing a personal view point they're seeking to downplay the issue while providing little useful advice.

That seems a lot like something a company which was just implicated in a gigantic leak would say: damage control.

It's the modern version of the captain going down with the ship.