PSA: Cloudflare leak (passwords/sensitive information)


Post by Dancso » Thu Feb 23, 2017 11:45 pm

Discord wrote:There has been a major security flaw within Cloudflare and thus meaning within Discord. It's highly suggested that you cycle your passwords everywhere.

Impact
Between 2016-09-22 and 2017-02-18, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters.
Data was cached by search engines, and may have been collected by random adversaries over the past few months.

"The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests), potential of 100k-200k pages with private data leaked every day"

What you should do
Change all your passwords, especially those on these affected sites. Rotate API keys & secrets, and confirm you have 2-FA set up for important accounts. Of the sites compromised, most notably there is Reddit, Uber, StackOverflow, Patreon, DigitalOcean, 4chan, and many many more.

You can check which sites were affected by this on the readme of this GitHub page:
https://github.com/pirate/sites-using-cloudflare

(copied from a discord server I attend)
Additional source:
Ars Technica

Re: PSA: Cloudflare leak (passwords/sensitive information)

Post by Rachael » Fri Feb 24, 2017 2:13 am

Thank you for that notice. :)

Just so everyone knows - ZDoom.org and DRDTeam.org do not use Cloudflare so they should not be affected by this. However, many Doom-community-related websites are. So be careful.

Re: PSA: Cloudflare leak (passwords/sensitive information)

Post by jpalomo » Fri Feb 24, 2017 6:23 am

I managed to find an (incomplete) list of sites that could be affected by this: https://github.com/pirate/sites-using-cloudflare. And I just got around to setting up a Discord account too...
Edit:
I feel like an idiot for not reading the first post in its entirety. Off to bed with me.

Re: PSA: Cloudflare leak (passwords/sensitive information)

Post by Accensus » Fri Mar 03, 2017 12:31 pm

Just wanna mention FYI that the issue has been taken care of. At first glance it seems like this is an ongoing problem, but it is not.

Re: PSA: Cloudflare leak (passwords/sensitive information)

Post by NeuralStunner » Sun Mar 05, 2017 1:03 pm

Sobering as ever. Good on them for patching up as soon as they knew, though.

Re: PSA: Cloudflare leak (passwords/sensitive information)

Post by Nevander » Sun Mar 05, 2017 10:49 pm

Personally for me I never worry about stuff like this since I never keep personal information anywhere on the internet and I have different passwords for every single website that I am registered to. The only real concern is if my bank gets hacked directly.

