#cloudbleed

What is Cloudbleed?

A few hours ago, Cloudflare announced that a bug in their servers that meant that in unusual circumstances, servers were returning more information than they should have; the information could potentially be used to hack into accounts on many, many websites. Now that the bug has been fixed, changing your passwords is strongly recommended.

I've never heard of Cloudflare. Why should I do anything?

Cloudflare is one of the largest content delivery network (CDN) companies in the world. Websites use their servers to allow for more users without slowing down their own servers to the point of crashing. As a result of the size of this company, many popular websites have been affected.

Which websites have been affected?

Cloudflare haven't released a list for privacy reasons, but it's safe to assume that any website that uses Cloudflare in some way has been affected. This includes:

Reddit

Patreon

Stack Overflow

4Chan

Yelp

OKCupid

Uber

Discord

Fitbit

Change.org

Gyazo

The Pirate Bay

A full list can be found here. If you have an account on any of these websites, you should change your password.

Sources

Cloudflare's blog post regarding the issue

Cloudflare, a network meant to keep in memory a lot of passwords, usernames, and general security information, just revealed there’s been a huge leak in information that’s been bleeding out and being posted to public internet pages for months now.

Change your passwords! The list of affected sites is long and it’s still growing. If you have any sensitive information it’s highly recommended you use two-factor authentication and/or change your passwords to something more complex.

A snippet of affected sites are;

- discordapp .com - account.leagueoflegends .com - patreon .com - 4chan .com - uber .com - a couple bitcoin sites - okcupid .com - change .org - pastebin .com - a couple anime sites, like crunchyroll .com - a lot of hentai/porn sites (…a lot) - wattpad .com - some torrenting/game torrenting sites - mangafox .com - omegle .com - storeenvy .com - teespring .com - many more

The list is pretty long and it’s not even complete yet, these are just some of those that I thought stuck out more because my friends use them.

Dashlane for ios Has Serious Problems Revealed by the Cloudbleed Incident

Follow @vsatechTweet I was Relying on Dashlane to Help Change my 350 Passwords following the Cloudbleed Data Leak…But Discovered It Wouldn’t Really Do that Using an iPad I know I shouldn’t have waited so long, but I’ve had a lot going on lately and really thought using Dashlane’s Password Manager would be a breeze. I was in for a surprise when I finally got around to doing that today. The…

Symantec Keluarkan Solusi Pertama Atasi CloudBleed

Jakarta, Selular.ID – Setelah berita tentang kerentanan CloudBleed yang berpotensi membahayakan jutaan akun pengguna di aplikasi-aplikasi cloud, Symantec mengeluarkan sebuah solusi yang secara otomatis mengidentifikasi dan mengatasi potensi paparan untuk konsumen ProxySG Symantec. Symantec secara unik diposisikan untuk menghadirkan solusi yang komprehensif dan terotomatisasi ini bagi konsumen…

If you have a profile on sites using CloudFlare.com as host, some private information may have been involuntarily leaked.

There’s an online check tool available at doesitusecloudflare.com, as well as a list that can be found through here: https://cloudbleed.github.io/