Post subject: Cloudflare been leaking customer HTTPS sessions for months
creaothceann
He/Him
Editor
Joined: 4/7/2005
Posts: 1874
Location: Germany
https://github.com/pirate/sites-using-cloudflare/blob/master/README.md https://www.reddit.com/r/programming/comments/5vtv16/cloudflare_have_been_leaking_customer_https/
Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months. [...] 4,287,625 possibly affected domains [...] Check your password managers and change all your passwords, especially those on these affected sites. Rotate API keys & secrets, and confirm you have 2-FA set up for important accounts. Theoretically sites not in this list can also be affected (because an affected site could have made an API request to a non-affected one), so to be safe you should probably change all your important passwords.
Editor, Experienced player (570)
Joined: 11/8/2010
Posts: 4036
Thanks for the list, creaothceann. Wow, looking through the full list is like looking through my e-mail spam. Here are some that may affect users on this site: nicozon.net (Nicovideo viewer), Crunchyroll, gogoanime.com, Pastebin, Uber, Fitbit, Minecraftforum.net, Bitcoin, Teespring (GDQs?), Discord, Uservoice, Bungie, blip.tv, puu.sh, rghost.ru, MobyGames (game info for publications, no ROMs)