Kobayashi Posted February 24, 2017 Report Share Posted February 24, 2017 It appears Cloudflare had a bit of a SSL/TLS leak going on, unfortunately this site may be one that is affected by it: https://github.com/pirate/sites-using-cloudflare Quote Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months. Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was trigerred the response would include data from ANY other cloudfare proxy customer that happened to be in memory at the time. Meaning a request for a page with one of those features could include data from Uber or one of the many other customers that didn't use those features. So the potential impact is every single one of the sites using CloudFare's proxy services (including HTTP & HTTPS proxy). "The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests), potential of 100k-200k paged with private data leaked every day" -- source exilemod.com, battlemetrics.com and gametracker.com were all affected as well. vbawol 1 Link to comment Share on other sites More sharing options...
vbawol Posted March 13, 2017 Report Share Posted March 13, 2017 We did not use the extra features of Cloudflare that are reported to have caused this. We should be good, but I still changed my password. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now