Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.

https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Boards.ie passwords exposed by Cloudfare?

ongarite · 2017-02-24 08:18:19

Seeing this all over the web this morning. Serious bug in Cloudfare could have exposed passwords, token data & other data requests to the internet. Google & other sites have already cached the data for all to see on the web. So whats boards.ie users exposure here? Is it suggested to change your password ASAP?…

24-02-2017 08:18AM

#1

ongarite

Registered Users, Registered Users 2, Paid Member Posts: 8,672 ✭✭✭

Join Date: August 2006

Posts: 8509

Seeing this all over the web this morning.
Serious bug in Cloudfare could have exposed passwords, token data & other data requests to the internet.
Google & other sites have already cached the data for all to see on the web.

So whats boards.ie users exposure here?
Is it suggested to change your password ASAP?

https://arstechnica.com/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/

https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

https://github.com/pirate/sites-using-cloudflare

The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to cleanup. I've informed cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.

Post edited by Shield on December 2021

5

Comments

#2 24-02-2017 09:40AM

Boards.ie: Mark

Boards.ie Employee, Boards Employee 2, Boards Employee 3 Posts: 5,461 ✭✭✭✭✭

Boards.ie Employee

Join Date: September 2016

Posts: 4877

Thanks for the heads-up. A change of password following an event such as this is typically wise in any case. We're taking this very seriously and we're currently assessing the extent to which we may have been exposed to this bug.

How can I? User's guide to some features on the new site

0
#3 24-02-2017 10:16AM

[Deleted User]
Posts: 0 CMod ✭✭✭✭

Join Date: -

Posts: 0

It's always wise to change your password every so often, and this is a good time to do so. I just changed mine.

0
#4 24-02-2017 11:13AM

Boards.ie: Mark

Boards.ie Employee, Boards Employee 2, Boards Employee 3 Posts: 5,461 ✭✭✭✭✭

Boards.ie Employee

Join Date: September 2016

Posts: 4877

Copy and paste of the text from the announcement that just went up:

Hi everyone,

It's not the note that any of us would have liked our Fridays to start on, but we're investigating a CloudFlare bug that may have impacted thousands of sites. CloudFlare was put in place last year following a number of DDOS attacks to help shield us from malicious traffic.

Although we have not been made aware of any breaches to date, there is a small chance that this bug has resulted in data being leaked, and we're taking it very seriously as a result.

In cases like this, it's always prudent to err on the side of caution and change your password. Bear in mind that other sites that use CloudFlare may be affected. You should change your password on these other sites, particularly if you happen to use the same password across multiple sites (now's not the time to be judgemental). That's why we felt it best to let you know as soon as possible. You can change your Boards password here.

If you want to get into the nitty gritty of the bug, you can read CloudFlare's blog post right here. Meanwhile, you can find an extensive list of sites that use CloudFlare here (bear in mind that not all sites listed will be affected).

How can I? User's guide to some features on the new site

0
#5 24-02-2017 03:02PM

Boards.ie: Mark

Boards.ie Employee, Boards Employee 2, Boards Employee 3 Posts: 5,461 ✭✭✭✭✭

Boards.ie Employee

Join Date: September 2016

Posts: 4877

Update:

Ronan was in contact with CloudFlare and Boards.ie is not one of the domains where it has discovered exposed data in any third party cache (such as the Google search cache, for example). To put it simply, this means that, as far as we can ascertain, Boards.ie has not been affected by the CloudFlare bug that we detailed earlier.

CloudFlare has since patched the bug and it is no longer leaking data. It is also yet to find any instance of the bug being exploited. If anything changes, they will be in touch and we'll be sure to let you know ASAP.

How can I? User's guide to some features on the new site

0
#6 24-02-2017 03:10PM

D0NNELLY

Closed Accounts Posts: 1,381 ✭✭✭

Join Date: June 2016

Posts: 1264

I'd recommend if something is important enough to warrant a site wide announcement, then it should be pm'd to all users.

The announcements only show up on the full site. I happened across this thread from the latest posts list.

0
Advertisement
#7 24-02-2017 05:17PM

Boards.ie: Niamh

Boards.ie Employee, Boards Employee 2, Boards Employee 3 Posts: 12,597 ✭✭✭✭✭

Boards.ie Community Manager

Join Date: December 2010

Posts: 10871

Thanks D0NNELLY, something to bear in mind for the future though we'd hope not to have to use it

How can I? User's guide to some features on the new site

0