Page 1 of 2 1 2 LastLast
Results 1 to 10 of 14

Thread: Cloudfare notice

  1. #1

    Cloudfare notice

    (Post copied from Graalians)
    There has been a major security flaw within Cloudflare. It's highly suggested that you cycle your passwords for all affected sites and programs due to this.

    Impact
    Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters.
    Data was cached by search engines , there are private logins for dozens of multiple websites in google's cache right now, and may have been collected by random scrapers over the past few months.

    According to CloudFlare: "The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests)". This has a potential of 100k-200k paged with private data leaked every day for the dates in question.

    What you should do?
    Change all your passwords, especially those on these affected sites. Rotate API keys & secrets, and confirm you have 2-Factor Authentication set up for important accounts. You can set up 2-Factor Authentication for Discord under Settings -> Security.

    Sites compronised include: Reddit, Discord, Uber, StackOverflow, Patreon, Yelp, OKCupid, 4chan, Namecheap, DigitalOcean, and many, many more.

    You can check which sites were affected by this on the readme of this github page https://github.com/pirate/sites-using-cloudflare

    Link to the official discord post: https://blog.discordapp.com/safety-jim-p....z9wga7s8s
    Link to the official cloudflare post: https://blog.cloudflare.com/incident-rep...arser-bug/
    Welcome to the forums!

  2. #2
    Yes Sottocapo imaginary's Avatar
    Join Date
    Jan 2014
    Location
    Literally a place you don’t wanna be at
    Posts
    11,992
    Oh man

  3. #3

  4. #4
    Yes Sottocapo imaginary's Avatar
    Join Date
    Jan 2014
    Location
    Literally a place you don’t wanna be at
    Posts
    11,992
    Quote Originally Posted by hohi416 View Post
    Im confused
    Same dude

  5. #5
    Kie whats going on

  6. #6
    Big Cheese Slapjack's Avatar
    Join Date
    Jul 2015
    Location
    Kuwait
    Posts
    1,768
    I don't use any of these so no problem for me XD


    League Of Legends Player
    Server: Eu West
    Name: SlapjackQ8
    Add me, everyone is welcome

  7. #7
    Quote Originally Posted by Slapjack View Post
    I don't use any of these so no problem for me XD
    I only use discord

  8. #8
    Not Actually Banned Yet Bulletzone's Avatar
    Join Date
    Apr 2015
    Location
    United Kingdom
    Posts
    2,849
    All the links listed in "Top 1000 affected sites" are explicit links which are either Rated (R) or Pirating sites(I hope none of you have accounts on the sites).

    The only site/s I assume the Graal community would have accounts on by taking into account the average range (probably about 15.2 In My opinion):

    discordapp.com (Come on if you have a discord get your passwords changing).
    account.leagueoflegends.com (dunno what this site is, but I think the domain is shut, so if you have a L.o.L​ account then get changing.)
    tfl.gov.uk (Londoners check this out)
    curse.com (Not a cursing site, to be honest I don't know what it is)
    minecraftforum.net (Minecraft geeks)
    uber.com (Uber Taxis!)

    Note: The links I have pasted are only due to speculation as to what sort of sites I would expect the majority of Graal to be using.
    However, I don't know everyone's "do-hickees"
    So I would advise you as Kieran stated to check the link and if you have an account on one of those sites change the password. If the password correlates on another account you own, change that one as well.
    "A fool thinks they know everything but a wise person knows there's something to learn from everyone"
    -
    "Great leaders don't complain about the tools they are given. They work to sharpen them"

  9. #9
    Quote Originally Posted by Bulletzone View Post
    All the links listed in "Top 1000 affected sites" are explicit links which are either Rated (R) or Pirating sites(I hope none of you have accounts on the sites).

    The only site/s I assume the Graal community would have accounts on by taking into account the average range (probably about 15.2 In My opinion):

    discordapp.com (Come on if you have a discord get your passwords changing).
    account.leagueoflegends.com (dunno what this site is, but I think the domain is shut, so if you have a L.o.L​ account then get changing.)
    tfl.gov.uk (Londoners check this out)
    curse.com (Not a cursing site, to be honest I don't know what it is)
    minecraftforum.net (Minecraft geeks)
    uber.com (Uber Taxis!)

    Note: The links I have pasted are only due to speculation as to what sort of sites I would expect the majority of Graal to be using.
    However, I don't know everyone's "do-hickees"
    So I would advise you as Kieran stated to check the link and if you have an account on one of those sites change the password. If the password correlates on another account you own, change that one as well.
    Whut???

  10. #10
    Quote Originally Posted by hohi416 View Post
    Whut???
    Basically, some data from some of the sites on the list have been exposed, so someone may have your password for a site. Just change your passwords and you should be ok.
    Welcome to the forums!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •