Ran Posted February 25, 2017 Share Posted February 25, 2017 For those who are not aware, Cloudflare is a service that allows sites to speed up response times and cache a lot of data to save bandwidth. We have used it successfully these last years, reducing our bandwidth overhead by about half, which has helped reduce our costs. Unfortunately, a bug in their HTML parser has, over the last six months, occasionally dumped plain text data that could includes e-mail addresses, passwords, etc. to the web. My understanding is that this bug depended on certain features that they offered being turned on, but as far as I can see we did not use said features. Besides that, the server doesn't really store your passwords -- it stores hashes made from those passwords, which in theory would take years of computer time to decrypt. All that said, while I believe from what I've read that chances are very low the memory collisions that led to plain text files being dumped and cached by search engines (which have since dumped those caches) has led to any compromise of security here on the forum (or the Wiki), it is generally good practice to change your password regularly, and we would recommend changing your password in the particular case that your password here is shared across other, more sensitive sites (such as Facebook and other social media, or mail servers). Link to comment Share on other sites More sharing options...
Ran Posted February 25, 2017 Author Share Posted February 25, 2017 We've just received word from Cloudflare that no data from Westeros.org has appeared in search engine caches related to the bug, but that they are continuing to review and will notify us should they find anything Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.