CloudBleed

Discussion in 'Site News' started by Neg1, Feb 28, 2017.

  1. Neg1

    Neg1 Forum Staff Staff Member

    1,770
    342
    112
    Jul 15, 2011
    Dallas, TX
    Cloudflare DNS announced on Feb 23rd 2017 that it suffered a security incident over the last few months that could affect a vast swath of the internet. It boils down to a since-repaired buffer issue that could potentially have exposed sensitive data, including website authentication tokens, to search engine caching.

    The Quakecon Forums is a user of Cloudflare but from what we can tell, we are not directly affected by the leak. Cloudflare has said only 150 domains were effected and a user made list is now available of effected sites. https://github.com/pirate/sites-using-cloudflare

    To be on the safe side we still recommend that you change your password.
     
  2. AlGore

    AlGore Space Marine

    336
    117
    48
    Aug 4, 2011
    Phoenix, AZ
    Discordapp.com was also affected by that, so that probably affects a lot of us here as well.
     
  3. Neg1

    Neg1 Forum Staff Staff Member

    1,770
    342
    112
    Jul 15, 2011
    Dallas, TX
    Cloudflare is used by over 5.5 million websites, so that only 150 were compromised is really amazing.

    Big sites that are confirmed effected were:
    discord
    uber
    bungie
    fitbit
    teespring
     
    jex and AlGore like this.
  4. jex

    jex Orbital Strike

    502
    92
    38
    Jul 14, 2015
    TX
    Yup...discordapp.com is definitely going to hit a bunch of us. I've also spread the word because I know a ton of people using uber.
     
  5. LionBattery

    LionBattery Baby's First WASD

    34
    12
    16
    Mar 29, 2015
    Dallas
    Side note, is there a discord for quakecon/quakecon forums?
     
  6. Neg1

    Neg1 Forum Staff Staff Member

    1,770
    342
    112
    Jul 15, 2011
    Dallas, TX
    LionBattery likes this.
  7. LightningCrash

    LightningCrash Lost Packets

    3
    0
    5
    Feb 19, 2017
    I think there was a lot of miscommunication about this. Only 150 sites were leaking data. The 150 sites in question were potentially leaking data from all CloudFlare customers.
     

Share This Page