Change your passwords, major issue with cloudflare security "oops"

shwaipshwaip bluffin' with my muffin Icrontian

It looks like a major Internet content server (cloudflare) messed up their code and pretty much leaked a bunch of data that was supposed to be encrypted. This includes any usernames/passwords/emails for websites they host. This information was searchable and archivable by anyone (and was cached by default by google/bing/etc).

This is less of an issue if you use different passwords for every site, but I know I don't do that.....

So I'd recommend changing pretty much all your Internet account passwords, enable 2FA if you can, etc...

Details:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139

Incomplete, preliminary list of potentially affected websites:

https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

primesuspectWinfreyRyderBobbyDigi

Comments

  • ThraxThrax 🐌 Austin, TX Icrontian

    fuuuuuuuuuuuuuuuuuuck

  • SnarkasmSnarkasm Madison, WI Icrontian

    Ugh.

  • Don't rely on lists to determine what passwords you should change. Unless you know for a fact that the site doesn't use Cloudflare, just change your password (and add 2 factor auth, if it's available.... I know I've been beating that dead horse for years)

    _k
Sign In or Register to comment.