I'm hoping to find a list of largish sites that were vulnerable to this bug just prior to the recent disclosure, so that I can know how to prioritize my password changing. (These forced password rotations are happening quite a lot these days.)