|
Title: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now) Post by: TravelMug on February 25, 2017, 12:40:10 AM Some of the most popular Bitcoin services on the internet may have leaked sensitive user information, including passwords.
Cloudflare is a popular content delivery network that effectively acts as a sort of digital shield, a proxy that offers millions of websites DoS protection and other services. Some of the biggest websites on the internet use Cloudflare, including several well-known Bitcoin companies, like Coinbase, Kraken, LocalBitcoins, Poloniex and more Using a Bitcoin Service? You May Need to Change Your Password (Now) (https://bitcoinmagazine.com/articles/using-bitcoin-service-you-may-need-change-your-password-now/) Title: Re: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now) Post by: blockcha1n on February 25, 2017, 12:42:30 AM Some of the most popular Bitcoin services on the internet may have leaked sensitive user information, including passwords. How long ago was this known?Cloudflare is a popular content delivery network that effectively acts as a sort of digital shield, a proxy that offers millions of websites DoS protection and other services. Some of the biggest websites on the internet use Cloudflare, including several well-known Bitcoin companies, like Coinbase, Kraken, LocalBitcoins, Poloniex and more Using a Bitcoin Service? You May Need to Change Your Password (Now) (https://bitcoinmagazine.com/articles/using-bitcoin-service-you-may-need-change-your-password-now/) I think it was since September last year there was a breach in their service but they didn't report it until just now. I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios. Title: Re: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now) Post by: aso118 on February 25, 2017, 01:14:45 AM How long ago was this known? I think it was since September last year there was a breach in their service but they didn't report it until just now. I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios. According to their blog post, they managed to solve the issue in less than 48 hrs. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/ I don't think it was known in September. It was reported by Tavis Ormandy last Friday. Title: Re: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now) Post by: blockcha1n on February 25, 2017, 01:19:22 AM How long ago was this known? I think it was since September last year there was a breach in their service but they didn't report it until just now. I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios. According to their blog post, they managed to solve the issue in less than 48 hrs. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/ I don't think it was known in September. It was reported by Tavis Ormandy last Friday. And the hackers have those lists. So alot of accounts are dormant. And can be retrieved and used by those hackers. Am I right or wrong in this scenario that is brewing in my mind about this security breach? And they thought those leaked 15,000 or what however many emails were found by hackers, this is much worst for millions of people's information being waiting to be sold later on when the heat is off those that did the hack. Title: Re: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now) Post by: Rammortal on February 25, 2017, 06:34:05 AM How long ago was this known? I think it was since September last year there was a breach in their service but they didn't report it until just now. I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios. According to their blog post, they managed to solve the issue in less than 48 hrs. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/ I don't think it was known in September. It was reported by Tavis Ormandy last Friday. And the hackers have those lists. So alot of accounts are dormant. And can be retrieved and used by those hackers. Am I right or wrong in this scenario that is brewing in my mind about this security breach? And they thought those leaked 15,000 or what however many emails were found by hackers, this is much worst for millions of people's information being waiting to be sold later on when the heat is off those that did the hack. This outage was first spotted by the Tavis Ormandy, the British bug hunter from Google's Project Zero security team. He updated his findings on twitter From Tavis Ormandy : Cloudflare have been leaking customer HTTPS sessions for months. Uber, 1Password, FitBit, OKCupid, etc. https://bugs.chromium.org/p/project-zero/issues/detail?id=1139 I am hoping bugs played with the sessions only not with the data's. Let see. Title: Re: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now) Post by: maku on February 25, 2017, 09:40:23 AM CloudFlare is used by millions of websites even 0,00003% leak is HUGE.
The more complicated the defense the higher chance there will be a backdoor somewhere. It is exactly what happened with CloudFlare. There is really no telling if hackers managed to find that exploit before Travis Ormandy shared the info about it. Title: Re: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now) Post by: Utrine on February 25, 2017, 10:38:53 AM How long ago was this known? I think it was since September last year there was a breach in their service but they didn't report it until just now. I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios. According to their blog post, they managed to solve the issue in less than 48 hrs. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/ I don't think it was known in September. It was reported by Tavis Ormandy last Friday. And the hackers have those lists. So alot of accounts are dormant. And can be retrieved and used by those hackers. Am I right or wrong in this scenario that is brewing in my mind about this security breach? And they thought those leaked 15,000 or what however many emails were found by hackers, this is much worst for millions of people's information being waiting to be sold later on when the heat is off those that did the hack. If I did not log in in the last four months, will the password be leaked? Title: Re: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now) Post by: Kprawn on February 25, 2017, 04:49:10 PM Why if a site like Coinbase were on that list, do we not find millions of coins being stolen or are this a government sanctioned hack to spy on
people? How many "hacks" might have been engineered through this exploit and can this be traced now that we know about this? There are a lot of questions that needs to be answered. Why did Cloudflare keep quite? Title: Re: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now) Post by: numismatist on February 25, 2017, 10:25:11 PM including several well-known Bitcoin companies, like Coinbase, Kraken, LocalBitcoins, Poloniex and more >:( ☣☠☂☠ can't they get their shit straight endagering everyone of us ☣☠☠☂ :-\ Got no news from Polo so far. The others at least sent some mail. Title: Re: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now) Post by: cr1776 on February 25, 2017, 11:36:11 PM How long ago was this known? I think it was since September last year there was a breach in their service but they didn't report it until just now. I hate when those companies hide these things when they actually do happen because they are thinking they are somehow doing "Damage control" but actually making it much much worst for them not notifying the public of these customer information have been comprised type of scenarios. According to their blog post, they managed to solve the issue in less than 48 hrs. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/ I don't think it was known in September. It was reported by Tavis Ormandy last Friday. And the hackers have those lists. So alot of accounts are dormant. And can be retrieved and used by those hackers. Am I right or wrong in this scenario that is brewing in my mind about this security breach? And they thought those leaked 15,000 or what however many emails were found by hackers, this is much worst for millions of people's information being waiting to be sold later on when the heat is off those that did the hack. If I did not log in in the last four months, will the password be leaked? It shouldn't be give the nature of the bug since your login details wouldn't have been in cloudflare's server memory if you hadn't logged in. |