+- NEUS Projects (https://neus-projects.net/forums)
+-- Forum: Community (https://neus-projects.net/forums/forumdisplay.php?fid=19)
+--- Forum: Fruity Rumpus General (https://neus-projects.net/forums/forumdisplay.php?fid=20)
+--- Thread: Security Alert (/showthread.php?tid=4271)
Security Alert - Zakizo - 02-24-2017
tl;dr Change all of your passwords everywhere in the list below immediately.
https://github.com/pirate/sites-using-cloudflare
Information has been passed on (via Discord for me) that a large amount of personal information may now be compromised.
Quote:Cloudflare, one of the largest CDN providers that power a huge number of highly popular websites, has been affected by a severe bug that exposed the raw contents of Cloudflare server memory to the public.
A principal engineer at Cloudflare stated:
"Memory leak" in the title is misleading. This is memory disclosure, and it’s easily one of the worst security incidents of all time. What is here is disclosure of arbitrary encrypted data (but the plaintext is disclosed), for millions of domains. That data, which could include passwords, credit card numbers, and other secret data, is now sitting in caches distributed all over the world. You can even query some of it from Google right now. Simply awful.
More info on this here:
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Notable affected sites I feel I should mention here include Discord, Reddit, and Crunchyroll, which are present on the provided list.