Post by Rinny on Mar 9, 2017 17:21:24 GMT
I try to keep you loves safe under my wings so when I'm made aware of something that could be unsafe I do my best to spread awareness about it. Below is an article I copied and pasted from here. This was written by Sairri, a member of Wicked Wonderland. If you're appreciative and a member already please go back to the original source and show her some love.
"So, this afternoon it was revealed that cloudflare has been affected by a pretty big security flaw. This this blog, to my understanding, does a good job putting it into english. Basically, there was a memory leak that caused cloudflare to misplace sensitive information, including cookies, password authentication tokens and http post bodies. Search engines cached it and third parties, malicious or not, may have noticed this. There is no sign of any malicious attacks or illicit backend access to cloudflare, The bug is fixed and google has scrubbed its cache before any public announcement was made, however there is still little knowing what could still be out there or what was found before the caches were cleaned up.
This means, if you use a domain that uses cloudflare (which everyone here does because proboards uses cloudflare), there is a possibility that your password is no longer secure. It is a very low possibility, not everything was leaked and the majority of people who would have even noticed it, would see only a garble of data, but it is still a possibility. Thus I recommend changing any password used on a cloudflare domain, and if you use the same password for multiple things change those things too. (pardon the added mommy nag but in general, you shouldn’t be using the same password for multiple sites, as tedious as that is)
here is a list of all the domains that use cloudflare, some key ones for roleplayers:jcink, for better or worse, does not use cloudflare and is not affected.
- proboards
- discord
- cbox
- gyazo
- codepen
Tldr; If you logged into any of these sites between 9/22/2016 and 2/20/2017, there’s a possibility but not probability your passwords are no longer secure. There is no sign of malicious intent, but there is no way of knowing what was leaked, what is still out there, and what has been saved by either knowing or unknowing parties. To be safe, you should change any password you use in a cloudflare domain, and any other site if you use that same password for multiple sites. Sites unattached to cloudflare are very likely unaffected
here is the cloudflare blog going into detail about it (for all you software geeks) though it focuses more on how the bug happened and not as much on what it did.
The register and medium also have pretty comprehensive articles about it."