bitjoin (OP)
|
|
February 24, 2017, 12:23:04 PM |
|
A bug was recently discovered with Cloudflare, which Kraken and many other websites use for DoS protection and other services. Due to the nature of the bug, we recommend as a precaution that you change your Kraken security credentials:
Change your password
Change your two-factor authentication (remove and re-enable it)
Clients who use API keys should generate a new set of keys
You should similarly change your security credentials for other websites that use Cloudflare (see link below for a list of possibly affected sites). If you are using the same password for multiple sites, you should change this immediately so that you have a unique password for each site. And you should enable two-factor authentication for every site that supports it.
The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected. Although the rate of leakage was low, the information that might have been leaked could be very sensitive, so it’s important that you take appropriate precautions to protect yourself.
The problem is thought to have only started 6 months ago and 2FA or API keys generated before that time are probably not affected, but we recommend changing them anyway because the bug existed for years.
|
|
|
|
zottejos
Member
Offline
Activity: 64
Merit: 10
|
|
February 24, 2017, 12:26:07 PM |
|
A bug was recently discovered with Cloudflare, which Kraken and many other websites use for DoS protection and other services. Due to the nature of the bug, we recommend as a precaution that you change your Kraken security credentials:
Change your password
Change your two-factor authentication (remove and re-enable it)
Clients who use API keys should generate a new set of keys
You should similarly change your security credentials for other websites that use Cloudflare (see link below for a list of possibly affected sites). If you are using the same password for multiple sites, you should change this immediately so that you have a unique password for each site. And you should enable two-factor authentication for every site that supports it.
The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected. Although the rate of leakage was low, the information that might have been leaked could be very sensitive, so it’s important that you take appropriate precautions to protect yourself.
The problem is thought to have only started 6 months ago and 2FA or API keys generated before that time are probably not affected, but we recommend changing them anyway because the bug existed for years.
I got this link https://github.com/pirate/sites-using-cloudflare/blob/master/README.md
From this topic https://bitcointalk.org/index.php?topic=1802851.0;topicseen
Seems to sum up the problem
|
|
|
|
alani123
Legendary
Offline
Activity: 2534
Merit: 1496
|
|
February 24, 2017, 12:43:20 PM |
|
It's a widespread Cloudflare problem, but in spite of the low chances of individual users having their credentials stolen it's good that they've warned people to change passwords just in case.
|
|
|
|
Kevin77
Legendary
Offline
Activity: 1652
Merit: 1057
|
|
February 24, 2017, 02:13:52 PM |
|
Not just Kraken, I received it from some other services also (notably from iconomi.net, another cryptocurrency-related one).
They are basically alerting us to reset passwords and suggesting enabling 2FA to secure our accounts. This is due to the recent discovery of a bug in the Cloudflare service. I believe we will be on the safer side just by resetting our credentials. I just checked a few of my accounts, so far all are accessible.
|
|
|
|
asriloni
Legendary
Offline
Activity: 3150
Merit: 1032
|
|
February 24, 2017, 03:17:42 PM |
|
This email applies to all of the crypto-related sites that are using Cloudflare right now. And I got a similar email from Bittrex due to the problem that has attacked Cloudflare. It just raises awareness among all of the users of the exchange sites so that their data does not get leaked.
|
|
|
|
SONG GEET
|
|
February 24, 2017, 06:01:14 PM |
|
I got a similar type of email from NiceHash, as they also use Cloudflare for DDoS protection. What was the actual bug? Is it related to a leak of personal information including our login credentials?
|
|
|
|
neochiny
|
|
February 25, 2017, 12:18:55 AM |
|
It's not just for exchanges. It's a CloudBleed. Any and ALL sites that use CloudFlare for DDOS protection could be affected. It's highly advised to change all our passwords and activate 2fa (email, phone, goog auth) for better security. So, we better take the time now and make sure to secure our accounts. Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters.
|
|
|
|
blockcha1n
|
|
February 25, 2017, 12:31:37 AM |
|
Yes I did. It was from a massive breach last night on all services that rely on Cloudflare. Not too sure what they have to do with saving everybody's passwords on their site. Because as far as I know it is used by all these sites for not allowing DDoS attacks, but they themselves got attacked by the very thing they are in the position to prevent. All over the world they are providing this service to many, many, many sites. It is not over yet to find out how many accounts have been affected by this misuse of control by the cyber users' sensitive information globally.
|
|
|
|
cengsuwuei
|
|
February 25, 2017, 02:14:44 AM |
|
Not only Kraken; all exchanges that use Cloudflare got a notification about the security issue. The same goes for the Poloniex announcement about using 2FA: on its Twitter account, the Poloniex exchange announced to Poloniex members to use 2FA.
|
|
|
|
bL4nkcode
Copper Member
Legendary
Offline
Activity: 2142
Merit: 1306
|
|
February 25, 2017, 02:59:00 AM |
|
All websites using CloudFlare are affected by this widespread issue, and it's Cloudbleed, as someone already mentioned in the posts above. They warned their users on every website, including the different crypto sites, to change their passwords just in case, to prevent losing accounts.
|
|
|
|
Diced90
|
|
February 25, 2017, 10:33:25 AM |
|
I got the same email, actually thought it was a phishing attempt to steal my personal info until I saw this thread. Since it has been authenticated, I will be adjusting security settings, thank you.
|
|
|
|
Red-Apple
|
|
February 25, 2017, 12:18:09 PM |
|
As neochiny explained, it was a bug that has been around in Cloudflare services, which all these bitcoin-related sites use. But it is strange that I have not yet received any email from any of the exchanges that I use, and others are saying they have received them! I had to see it somewhere else and then on bitcointalk to go and change my things (it is worth mentioning my accounts are a couple of years old). Oh, and also there is a topic about it if you want to read more: https://bitcointalk.org/index.php?topic=1803933.0
|
|
|
|
zazarb
Legendary
Offline
Activity: 3472
Merit: 1548
|
|
February 25, 2017, 06:10:10 PM |
|
Yes I have received too, and I have no doubt that all Kraken customers received such a letter..
|
|
|
|
bitjoin (OP)
|
|
February 26, 2017, 07:16:01 PM |
|
I got the same email, actually thought it was a phishing attempt to steal my personal info until I saw this thread. Since it has been authenticated, I will be adjusting security settings, thank you.
Yeah, same thing I thought. Hotmail email is so rubbish I can't find the option to see the exact address the mail is from until I open it. Oh well, passwords now all changed!
|
|
|
|
amaral1977
|
|
February 26, 2017, 09:25:43 PM |
|
Yes. Everyone got it. It's the Cloud bleed Problems. Lots of sensitive data was leaked because of that bug. So check all your sensitive/important accounts against the list of affected sites, change passwords and enable 2FA (2 factor authentication)
|
|
|
|
Hazir
Legendary
Offline
Activity: 1596
Merit: 1005
|
|
February 27, 2017, 02:21:10 AM |
|
The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected.
So that bug is a faulty SSL connection, then in theory when I wasn't using any service at that time of the main leakage from Feb 13 to 18 then my data couldn't be sniffed?
But it is strange that I have not yet received any email from any of the exchanges that I use, and others are saying they have received them!
Some services have neglected this issue and 'forgot' to send emails with a warning. I use the blockchain.info wallet and I never received any warning about this CloudFlare security breach from them.
|
|
|
|
The Sceptical Chymist
Legendary
Offline
Activity: 3472
Merit: 6958
|
|
February 27, 2017, 02:27:10 AM |
|
I got this e-mail, too. I gave up with Kraken and their ID verification about a month ago, after Circle bit the big one. They said my pic of me was too blurry. I don't even know if I have the password for my account written down. Man, I miss Circle!
Am I in trouble if I don't change my password there but never used the account?
|
|
|
|
barnes13
|
|
February 27, 2017, 02:42:55 AM |
|
I think all Kraken members will get this email as an alert, and not only Kraken members: I got one from Quinone exchange and also from the Iconomi website, and for Poloniex I got a notification when I logged in to my account to change my password and activate 2FA. For security it is better to take this action even if we don't have a balance or never used the account.
|
|
|
|
Hazir
Legendary
Offline
Activity: 1596
Merit: 1005
|
|
March 01, 2017, 10:16:58 PM |
|
Am I in trouble if I don't change my password there but never used the account?
I don't think so. You are planning to never use this account anyway. I would be worried only if it was my actively used account. When you never expect to transfer any money/BTC there and your username/password combo is unique, then you have nothing to worry about. Not to mention that only 0.00003% of accounts used in CloudFlare protected services were compromised.
|
|
|
|
rozee
Legendary
Offline
Activity: 1736
Merit: 1001
|
|
March 02, 2017, 04:03:34 AM |
|
Same with you, I have got that email from Kraken. Not only from Kraken, I have got that email from other exchanges which use Cloudflare, and also from a gambling site. It's only for our security; better we change all our passwords to keep our accounts from hackers.
|
|
|
|
|