ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Cloudflare possible data leak, no leaked data yet found.

    Scheduled Pinned Locked Moved News
    3 Posts 2 Posters 303 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • travisdh1T
      travisdh1
      last edited by

      Vultr Email from this afternoon:

      Dear Valued Client,

      As you may know, Vultr utilizes Cloudflare's CDN product to enhance the speed of our website around the globe and protect against various malicious attacks on our site.

      Cloudflare recently revealed a security vulnerability that may have resulted in private data from sites whose data is behind the Cloudflare CDN. According to Cloudflare’s security team, the greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage. While Cloudflare patched the discovered issue quickly, it was possible sensitive data was leaked to third party search engines that cache data such as Google.com.

      Cloudflare has worked with the security team from Google to search cached data for any relevant Vultr links and has confirmed no data was found. Based on this we have no reason to believe any Vultr customer information has been compromised via this Cloudflare bug.

      This is a good opportunity to remind you of best security practices to secure your account:

      • Enable 2 factor authentication for your main vultr.com account login.

      • Change your control panel password every 90 days (or less).

      • Always change your Instance’s default password after initial deploy.

      • If you utilize the API service, ensure your API IP ACLs are configured correctly.

      • Routinely scan your computer for malware, spyware, browser extensions, and Virii that could compromise or leak private information.*

      We will continue to closely monitor the situation and stay in close contact with Cloudflare should there be any change in the facts we have received thus far. Your account security is our top priority here at Vultr.

      Additional Background Information:

      https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
      https://bugs.chromium.org/p/project-zero/issues/detail?id=1139

      Regards,

      The Vultr Team

      Sounds like no big deal so far, but always good to be aware of these things.

      1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch
        last edited by

        There's already a thread about this can somebody please merge this

        travisdh1T 1 Reply Last reply Reply Quote 1
        • travisdh1T
          travisdh1 @JaredBusch
          last edited by

          @JaredBusch said in Cloudflare possible data leak, no leaked data yet found.:

          There's already a thread about this can somebody please merge this

          Well shoot, I even tried searching for it 😞

          1 Reply Last reply Reply Quote 0
          • 1 / 1
          • First post
            Last post