Posted: 2/24/2017 7:34 AM
Post subject: Cloudflare been leaking customer HTTPS sessions for months
Quote
creaothceann
He/Him
Editor
Joined: 4/7/2005
Posts: 1874
Location: Germany
https://github.com/pirate/sites-using-cloudflare/blob/master/README.md https://www.reddit.com/r/programming/comments/5vtv16/cloudflare_have_been_leaking_customer_https/
Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months. [...] 4,287,625 possibly affected domains [...] Check your password managers and change all your passwords, especially those on these affected sites. Rotate API keys & secrets, and confirm you have 2-FA set up for important accounts. Theoretically sites not in this list can also be affected (because an affected site could have made an API request to a non-affected one), so to be safe you should probably change all your important passwords.
Posted: 3/1/2017 7:09 AM
Quote
CoolKirby
Editor, Experienced player (609)
Joined: 11/8/2010
Posts: 4012
Exotic platforms TASer of 2014 NES TAS of 2013
Thanks for the list, creaothceann. Wow, looking through the full list is like looking through my e-mail spam. Here are some that may affect users on this site: nicozon.net (Nicovideo viewer), Crunchyroll, gogoanime.com, Pastebin, Uber, Fitbit, Minecraftforum.net, Bitcoin, Teespring (GDQs?), Discord, Uservoice, Bungie, blip.tv, puu.sh, rghost.ru, MobyGames (game info for publications, no ROMs)