-
Super Moderator
Major security flaw within Cloudflare
There has been a major security flaw within Cloudflare and thus within Discord. It's highly suggested that you cycle your passwords everywhere.
Impact
Between 2016-09-22 and 2017-02-18, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters.
Data was cached by search engines, and may have been collected by random adversaries over the past few months.
"The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests), potential of 100k-200k pages with private data leaked every day"
What you should do
Change all your passwords, especially those on these affected sites. Rotate API keys & secrets, and confirm you have 2-FA set up for important accounts. Of the sites compromised, most notably there is Reddit, Uber, StackOverflow, Patreon, DigitalOcean, 4chan, Wago and many many more.
You can check which sites were affected by this in the README of this GitHub page: pirate/sites-using-cloudflare (List of domains using Cloudflare DNS, potentially affected by the CloudBleed HTTPS traffic leak)
I cannot stress this enough, please change your passwords everywhere as this affects everyone everywhere!
You can check to see if your email has been leaked by visiting the following website:
Have I been pwned? Check if your email has been compromised in a data breach
-
Heh, thanks for this. I was wondering why this happened:
I updated my info immediately, but holy shit that's scary.
-
damn, well. good thing i use a toss away pass on discord.
"the true wow experience is Maclone"
-
We have been told that we are not affected but we are following and looking into this issue.
-
This security flaw is still amazing me 12 hours later. Countless platforms I know have had some problems including some personal clients.