Cloudflare compromised


Palum

I guess various HTTPS requests spilled out to random users and essentially could have been archived by search engines.

Lots of stuff people may actually use though, like Discord and various WoW sites. A few larger random sites.
 

chaos

It definitely was archived by search engines. 2.5 million sites for more than a year. Lololol
 

chaos

Cloudflare is downplaying, but Google is saying assume the worst. That's good advice anyway.
 

Chanur

Patreon affected. Could be some hilarious shenanigans with that.
 

iannis

good lord, that's a lot of sites.

I know that I get booted to Cloudflare every now and then. I don't think any of the sites where I've seen the "Wait a second while Cloudflare makes sure you're not a bot" message are important or require login info though.

I guess I have to start changing passwords monthly now.

I was laying in bed watching netflix on my kindle and it was hitching a little. And I actually caught myself thinking "got dam piece of junk!". Then I was like "wait, I'm watching television on a tablet laying in fucking bed... and I'm about to get upset that it's hitching? This is like living in the fucking future already".

Still -- I'm considering this to be a hassle!
 

Oldbased

4chan lol and change.org. Could have been CIA Kappa. Poor Ashleymadisonx2 on the list just to remind us they've been fucked before. looti was on the list haha. Washington Times even on it.
Of all the sites listed I only had a patreon account but the CC on file there is long expired/invalid.
 

hodj

I'm going through the list and the only site I think I have actually signed up to was Discord and that was literally in the past week.

I also caught this nugget of funny in there

  • davidicke.com
LOL @Lumi, better start changing them passwords bud!
 

Funkor

What should I do?
Check your password managers and change all your passwords, especially those on these affected sites. Rotate API keys & secrets, and confirm you have 2FA set up for important accounts. This might sound like fear-mongering, but the scope of this leak is truly massive, and due to the fact that all Cloudflare proxy customers were vulnerable to having data leaked, it's better to be safe than sorry.

Theoretically, sites not in this list can also be affected (because an affected site could have made an API request to a non-affected one), so you should probably change all your important passwords.

Submit PRs to add domains that you know are using Cloudflare, or remove domains that are not affected.
Bitcoin sites and Patreon being affected seem to be the most interesting sites on the list since they deal with money.

Edit:
mmo-champion is on the list, oh Craig I'm so sorry
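
A small added example (not from the thread or from the domain-list repository) of how to act on the advice above: match a password-manager CSV export against the published one-hostname-per-line list of Cloudflare-fronted domains, treating subdomains of a listed domain as affected (api.patreon.com counts, notdiscordapp.com does not), and then widen the rotation set to every other vault entry that shares a password with a hit, which is the practical form of "change all your important passwords". The CSV column layout (name,url,username,password), the list format and both sample inputs are assumptions constructed for the demo; the real list and your own export may differ.

```python
"""Find which vault entries to rotate after the Cloudflare leak.

Added example, not code from the forum post or the domain-list repo.
Assumes a CSV export with columns name,url,username,password and a
domain list with one hostname per line ('#' lines are comments).
"""
import csv
import io
from urllib.parse import urlsplit

# Constructed excerpt standing in for the published affected-domain list.
AFFECTED_LIST = """\
# constructed sample, not the real list
discordapp.com
patreon.com
4chan.org
mmo-champion.com
"""

# Constructed password-manager export (sample data only).
VAULT_CSV = """\
name,url,username,password
Discord,https://discordapp.com/login,alice@example.com,hunter2
Patreon,https://www.patreon.com/,alice,hunter2
Patreon API,https://api.patreon.com/v2,alice,hunter2
Bank,https://bank.example.net/,alice,hunter2
Not Discord,https://notdiscordapp.com/,alice,x
"""


def load_domains(text):
    """Parse the list into a set of lowercase hostnames, skipping comments."""
    return {line.strip().lower().rstrip('.') for line in text.splitlines()
            if line.strip() and not line.startswith('#')}


def host_of(url):
    """Hostname from a URL; bare hostnames are accepted too."""
    if '://' not in url:
        url = 'https://' + url
    return (urlsplit(url).hostname or '').lower().rstrip('.')


def is_affected(host, domains):
    """True if host is a listed domain or a subdomain of one.

    The check walks label boundaries, so 'notdiscordapp.com' is not a
    suffix match for 'discordapp.com'.
    """
    labels = host.split('.')
    return any('.'.join(labels[i:]) in domains for i in range(len(labels)))


def affected_entries(vault_csv, domains):
    """(name, host, username) for every entry whose host is affected."""
    hits = []
    for row in csv.DictReader(io.StringIO(vault_csv)):
        host = host_of(row['url'])
        if is_affected(host, domains):
            hits.append((row['name'], host, row['username']))
    return hits


def rotation_plan(vault_csv, affected_text):
    """Return (direct, via_reuse): entry names on affected hosts, and
    other entries that must also be rotated because they reuse a
    password that an affected entry uses. Passwords are not returned."""
    domains = load_domains(affected_text)
    rows = list(csv.DictReader(io.StringIO(vault_csv)))
    direct = {name for name, _, _ in affected_entries(vault_csv, domains)}
    leaked_passwords = {r['password'] for r in rows if r['name'] in direct}
    via_reuse = sorted(r['name'] for r in rows
                       if r['name'] not in direct
                       and r['password'] in leaked_passwords)
    return sorted(direct), via_reuse


if __name__ == '__main__':
    direct, via_reuse = rotation_plan(VAULT_CSV, AFFECTED_LIST)
    print('rotate (affected site):', direct)
    print('rotate (shared password):', via_reuse)
```

On the sample data the plan is to rotate Discord, Patreon and Patreon API directly, plus Bank because it shares hunter2 with them; Not Discord is left alone. Run it on a real export by reading the two files into the same two strings.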
 

Destiny's Paw

This is a suggested list and covers only some of the sites. Some that could have been affected might not even be listed. Should we abandon/cancel our accounts and start over with all new log-in criteria? Or does it affect our devices?
 

Ukerric

On the subject of infrastructure hacks... While most of you would have been unaffected because 2 years ago OVH was only starting to get the NA market, OVH's old support forums were hacked. Apparently, they simply forgot to turn off the forum when they migrated their old vBulletin stuff to the new forum, and the server stayed up (without DNS) for 2 years unattended and unpatched. Eventually, hackers found the server, stole the user DB, and started to try the user/pw combinations on the OVH management system, which is when OVH staff detected the breach.

If you were already an OVH user and used the forum (with the same password, cough! cough!), change it now!


For $30, you can purchase the user base too!
 

chaos

Might be related to the SHA1 collision proof that Google did this week?
Best theory I saw was that Google was still using SHA1 somewhere in their authentication chain. But that's just rumors, so far Google has acknowledged it, said there is nothing to be concerned about, and nothing else.

lawl now other people are saying it was the cloudflare issue. idk, I tend to believe the project zero people, but they may not know, may be a communication issue.
 