Ran

Cloudflare and Passwords

2 posts in this topic

For those who are not aware, Cloudflare is a service that allows sites to speed up response times and cache a lot of data to save bandwidth. We have used it successfully these last years, reducing our bandwidth overhead by about half, which has helped reduce our costs.

Unfortunately, a bug in their HTML parser has, over the last six months, occasionally dumped plain text data that could include e-mail addresses, passwords, etc. to the web. My understanding is that this bug depended on certain features that they offered being turned on, but as far as I can see we did not use said features.

Besides that, the server doesn't really store your passwords -- it stores hashes made from those passwords, which in theory would take years of computer time to decrypt.

All that said, while I believe from what I've read that chances are very low that the memory collisions that led to plain text files being dumped and cached by search engines (which have since dumped those caches) have led to any compromise of security here on the forum (or the Wiki), it is generally good practice to change your password regularly, and we would recommend changing your password in the particular case that your password here is shared across other, more sensitive sites (such as Facebook and other social media, or mail servers).

 

 

 


We've just received word from Cloudflare that no data from Westeros.org has appeared in search engine caches related to the bug, but that they are continuing to review and will notify us should they find anything.
