Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: vodaljepa on February 28, 2017, 01:14:01 AM



Title: Massive CloudFlare Leak, CloudBleed (Affected website list)
Post by: vodaljepa on February 28, 2017, 01:14:01 AM
Not sure if you guys heard, but Cloudflare recently had a massive leak in its HTTPS code, exposing sensitive data.
Here is the actual report from cloudflare https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

Here is a list of the affected websites, as you can see coinbase, blockchain, localbitcoins are on the list, I would highly advise you to change your password on those websites
https://github.com/pirate/sites-using-cloudflare/blob/master/README.md


Title: Re: Massive CloudFlare Leak, CloudBleed (Affected website list)
Post by: FiiNALiZE on February 28, 2017, 01:26:58 AM
Thanks for the list. I am sure that there is a large quantity of people that want to know what websites other than Bitcoin were affected by the CloudBleed scam.

There is a Bitcointalk member that gathered most of the websites within the list for the other members viewing, just so they could change their passwords & 2FAs.

The link is found in here: https://bitcointalk.org/index.php?topic=1803933.0


With the proper knowledge of DDoS management and security, things like these could be prevented. Since most websites are on a third-party host, this was expected to happen, so I am not surprised that they attacked so soon.


Title: Re: Massive CloudFlare Leak, CloudBleed (Affected website list)
Post by: arcanaaerobics on February 28, 2017, 01:31:46 AM
Everybody was saying stay calm because there was only 0.0009% leakage of customer data was stolen.
I even had a post deleted about this stupid case of affairs. >:(
What a complete failure of common sense by all the companies who were involved with the leaked data of their customers and an utter disgrace of security of the internet confidentially as a whole. ::)
They are trying to cover now how much of a big deal this is in a way to not lose customers. How really pathetic! :-X


Title: Re: Massive CloudFlare Leak, CloudBleed (Affected website list)
Post by: Luviasst on February 28, 2017, 04:42:49 AM
Change your password ASAP ;)


Title: Re: Massive CloudFlare Leak, CloudBleed (Affected website list)
Post by: Mia Wallace on February 28, 2017, 05:33:52 AM
Quote
Everybody was saying stay calm because there was only 0.0009% leakage of customer data was stolen.
I even had a post deleted about this stupid case of affairs. >:(
What a complete failure of common sense by all the companies who were involved with the leaked data of their customers and an utter disgrace of security of the internet confidentially as a whole. ::)
They are trying to cover now how much of a big deal this is in a way to not lose customers. How really pathetic! :-X

It is not a minor leak by any means, as most of the websites are routing their traffic through Cloudflare, which is in fact a dangerous practice in the first place because all the sensitive information is being routed through a third person, and if I am the owner I would not want a third person's interference; rather, I would take care of the problem myself than trusting a third person.


Title: Re: Massive CloudFlare Leak, CloudBleed (Affected website list)
Post by: arcanaaerobics on February 28, 2017, 02:57:45 PM
Quote
Everybody was saying stay calm because there was only 0.0009% leakage of customer data was stolen.
I even had a post deleted about this stupid case of affairs. >:(
What a complete failure of common sense by all the companies who were involved with the leaked data of their customers and an utter disgrace of security of the internet confidentially as a whole. ::)
They are trying to cover now how much of a big deal this is in a way to not lose customers. How really pathetic! :-X
It is not a minor leak by any means, as most of the websites are routing their traffic through Cloudflare, which is in fact a dangerous practice in the first place because all the sensitive information is being routed through a third person, and if I am the owner I would not want a third person's interference; rather, I would take care of the problem myself than trusting a third person.

Exactly!
People don't know the logistics of how severe this was and still is for their online accounts who used all these sites.
They are downplaying it so none of them lose any of their customers' loyalty and switch to sites that don't route that traffic to a third party website.

Very bad for everybody who touches these sites with cookies involved in tracing your location and your login details.
Casinos included, because as you notice they know it is you even if you create a completely new account on their site; they still know it is you.  ;)
Go ahead, just try it. You might be very surprised what details they steal from you without you knowing you gave your approval on doing that and any such acceptance in allowing access to do it.

There are several authorities to which you can report phishing websites. Most importantly though, report it to Google (https://www.google.com/safebrowsing/report_phish) and Mozilla (https://www.mozilla.org/en-US/about/legal/fraud-report/) so browsers can protect their users.


Title: Re: Massive CloudFlare Leak, CloudBleed (Affected website list)
Post by: mike1183 on February 28, 2017, 03:02:03 PM
Quote
Everybody was saying stay calm because there was only 0.0009% leakage of customer data was stolen.
I even had a post deleted about this stupid case of affairs. >:(
What a complete failure of common sense by all the companies who were involved with the leaked data of their customers and an utter disgrace of security of the internet confidentially as a whole. ::)
They are trying to cover now how much of a big deal this is in a way to not lose customers. How really pathetic! :-X
It is not a minor leak by any means, as most of the websites are routing their traffic through Cloudflare, which is in fact a dangerous practice in the first place because all the sensitive information is being routed through a third person, and if I am the owner I would not want a third person's interference; rather, I would take care of the problem myself than trusting a third person.

Been following the Cloudbleed leak and it shows horrible ignorance by these websites. I mean, I would accept it if these were small blogs and would be willing to endanger logins (unrelated to money in any way) for cheaper hosting. But for websites like Uber to route users' info through a third party shouldn't be acceptable.

Quote
coinbase, blockchain, localbitcoins

Are dealing with millions, particularly Coinbase, and sensitive data is at risk "without even a hacker involvement"...