Epic Legends Minecraft Server | Survival, Minigames, and More @ Play.EpicLegends.ml!

Cloudflare CloudBleed

Any information regarding the community will be posted here.

Cloudflare CloudBleed

Postby IEpicDestroyer » Sat Feb 25, 2017 3:41 am

Hey! Thanks for reading my announcement!

If you may or may not heard, Cloudflare has recently released a security bug, currently called Cloudbleed. It is a heartbleed that will leak information that is completely unrelated. It may include session keys, passwords, etc. Some major companies that were affected were Uber, OKCupid, 1Password, and others. Most people were not impacted. Such bug is already fixed. Here is the email I got this morning:

Dear Cloudflare Customer:

Thursday afternoon, we published a blog post describing a memory leak caused by a serious bug that impacted Cloudflare's systems. If you haven't yet, I encourage you to read that post on the bug:

https://blog.cloudflare.com/incident-re ... arser-bug/

While we resolved the bug within hours of it being reported to us, there was an ongoing risk that some of our customers' sensitive information could still be available through third party caches, such as the Google search cache.

Over the last week, we've worked with these caches to discover what customers may have had sensitive information exposed and ensure that the caches are purged. We waited to disclose the bug publicly until after these caches could be cleared in order to mitigate the ability of malicious individuals to exploit any exposed data.

In our review of these third party caches, we discovered data that had been exposed from approximately 150 of Cloudflare's customers across our Free, Pro, Business, and Enterprise plans. We have reached out to these customers directly to provide them with a copy of the data that was exposed, help them understand its impact, and help them mitigate that impact.

Fortunately, your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found.

To date, we have yet to find any instance of the bug being exploited, but we recommend if you are concerned that you invalidate and reissue any persistent secrets, such as long lived session identifiers, tokens or keys. Due to the nature of the bug, customer SSL keys were not exposed and do not need to be rotated.

Again, if we discover new information that impacts you, we will reach out to you directly. In the meantime, if you have any questions or concerns, please don’t hesitate to reach out.

Matthew Prince
Cloudflare, Inc.
Co-founder and CEO

As you see NOTHING important from our site was leaked, but you should CHANGE YOUR PASSWORDS! Most likely you don't need to, but if are paranoid, changing it doesn't hurt. (As it is change your password day today :p)
These are the known sites that had data leaked, but most likely, not passwords: https://github.com/Dorian/doma/blob/mas ... dbleed.yml

This post is just to alert you that our cdn service had a heardbleed (or the so called Cloudbleed), so just be extra careful! :)

~ IEpicDestroyer
Owner of Epic Legends
[email protected]
Site Admin
Site Admin
Posts: 11
Joined: Wed May 18, 2016 12:18 am

Return to News & Announcements

Who is online

Users browsing this forum: No registered users and 8 guests