|
Portland, Oregon
Experience: Intermediate
Platform: F-16CM-40
Trading: GBU-39
Posts: 6,191 since Sep 2013
Thanks Given: 10,459
Thanks Received: 12,695
|
A huge memory leak was found in the CDN/DNS giant CloudFare's Parser service. Potential information that could've been stolen includes, but is not limited to Passwords, Private Messages, API Keys, IP Addresses, and more between Sept. 22nd 2016 and Feb. 18th 2017. Information was available to random requesters due to the exploit, some even being cached by Search Engines such as Google, meaning advertising companies and anyone who happened to come across it could've picked it up. An estimated 100,000 to 200,000 paged requests of private data was leaked between Feb 13th to Feb 18th per day.
It is highly recommended that you change passwords on the affected sites, if not all passwords. You should also be using Two-Factor Authentication wherever possible.
Popular Affected Websites
- discordapp.com
- reddit.com
- 1password.com (response: https://blog.agilebits.com/2017/02/23/three-layers-of-encryption-keeps-you-safe-when-ssltls-fails/)
- authy.com
- digitalocean.com
- patreon.com
- bitpay.com
- stackoverflow.com
- 4chan.org
- yelp.com
- uber.com
and 7,385,121 other potentially affected websites
List: https://github.com/pirate/sites-using-cloudflare
For a more in-depth technical description of this exploit, see the following blog post below:
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
The bug report on Project Zero
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
|
