Pages:
Author

Topic: Anyone get this email on Kraken security issue? (Read 862 times)

hero member
Activity: 3136
Merit: 591
Leading Crypto Sports Betting & Casino Platform
same with you i have got that email from kraken, not only from kraken i have got that email from other exchanges which use cloudflare also from gambling site its only for our security better we change all our passoword to prevent our account from hacker

It looks like Kraken isn't the only one that has this issue and affected with cloud bleed. Most of them notified us to change password because of the cloud flare issue. I got also from yobit and I assume that most of us that are into exchanges expect to receive email from them.

Am I in trouble if I don't change my password there but never used the account?

Not really, I didn't changed my password either.
legendary
Activity: 1736
Merit: 1001
same with you i have got that email from kraken, not only from kraken i have got that email from other exchanges which use cloudflare also from gambling site its only for our security better we change all our passoword to prevent our account from hacker
legendary
Activity: 1596
Merit: 1005
★Nitrogensports.eu★
Am I in trouble if I don't change my password there but never used the account?
I don't think so. You are planning never use this this account anyway. I would be worried only when it was my actively used account.
When you never expect to transfer any money/BTC there and your username/password combo is unique then you have nothing to worry about.
Not to mention that only 0.00003% of accounts used in CloudFlare protected services were compromised.
hero member
Activity: 1274
Merit: 521
7enius - Your Cryptocurrency Marketing Consultant
I think all kraken member will get this email to alert and not only for Kraken member, I got from Quinone exchange and also from Iconomi website and for Poloniex i get notification when I login to my account to change my password and activated 2fa, for security is better to take this action even we don't have balance or never used the account.
legendary
Activity: 3500
Merit: 6981
Top Crypto Casino
I got this e-mail, too.  I gave up with Kraken and their ID verification about a month ago, after Circle bit the big one.  They said my pic of me was too blurry.  I don't even know if I have the password for my account written down.  Man, I miss Circle! 

Am I in trouble if I don't change my password there but never used the account?
legendary
Activity: 1596
Merit: 1005
★Nitrogensports.eu★
The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected.
So that bug is faulty SSL connection, then in theory when I wasn't using any service at that time of the main leakage from Feb 13 to 18 then my data couldn't be sniffed?
but it is strange that i have not yet received any email from any of the excahnges that i use and others are saying they have received them!
Some services are neglected this issue and 'forgot' to send emails with warning.
I use blockchain.info wallet and I never received any warning about this CloudFlare security breach from them.
sr. member
Activity: 686
Merit: 250
Yes. Everyone got it. It´s the Cloud bleed Problems. Lots of sensitive data was leaked because of that bug.
So check all your sensitive/important accounts against the list of affected sites, change passwords and enable 2FA (2 factor authentication)
hero member
Activity: 1372
Merit: 500
I got the same email actually thought it was a  phishing attempt to steal my personal info not until I saw this thread. Since its has been authenticated will be adjusting security settings, thank-you

Yeah same thing i thought, hotmail email is so rubbish i cant find the option to see the exact address who the mail is from until open.  Oh well passwords now all changed!
legendary
Activity: 3514
Merit: 1548
Get loan in just five minutes goo.gl/8WMW6n
Yes I have received too,  and I have no doubt that  all Kraken customers received such a letter..
hero member
Activity: 1470
Merit: 655
as neochiny explained it was a bug that has been around in cloudflare services which all these bitcoin related sites use.

but it is strange that i have not yet received any email from any of the excahnges that i use and others are saying they have received them! i had to see it on somewhere else and then bitcointalk to go and change my things Smiley (it is worth mentioning my accounts are a couple of years old)

oh and also there is a topic about it if you want to read more:
https://bitcointalksearch.org/topic/warningcloudbleed-bug-change-your-passwords-2fa-api-keys-1803933
hero member
Activity: 994
Merit: 515
Get'em boys
I got the same email actually thought it was a  phishing attempt to steal my personal info not until I saw this thread. Since its has been authenticated will be adjusting security settings, thank-you
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
All website using CloudFlare affected by this widespread issue and its cloudbleed as someone mentioned it already above posts. They warned their users on every website including the different crypto site to change their password just in case, to prevent of lossing accounts.
hero member
Activity: 714
Merit: 516
#SWGT PRE-SALE IS LIVE
not only kraken all exchanger if use cloudflare get notification about security issue
same is poloniex announcement about use 2Fa, in twitter account poloniex exchanger announce to poloniex member to use 2FA
full member
Activity: 185
Merit: 100
Yes I did.
It was from a massive breach last night on all services that rely on cloudflare.
Not to sure what they have to do with saving everybodies passwords on their site.
Cause as far as I know it is used by all these sites for not allowing DDos attacks but they themselves got attacked from the very thing they are in the position to prevent. Undecided
All over the world they are providing this service to many many many sites.

This is not over yet to find out how many accounts have been affected by this misuse of control by the cyber users sensitive information globally.
hero member
Activity: 756
Merit: 503
Crypto.games
It's not just for exchanges. It's a CloudBleed.

Any and ALL sites that use CloudFlare for DDOS protection could be affected. It's highly advised to change all our passwords and activate 2fa (email, phone, goog auth) for better security.

So, we better take the time now and make sure to secure our accounts.
Quote
Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters.
hero member
Activity: 700
Merit: 500
CryptoTalk.Org - Get Paid for every Post!
I got similar type of email from nicehash as they also use cloudflare for DDOS protection. What was the actual bug? Is it related to leak of personal information including our login credentials  Huh
legendary
Activity: 3038
Merit: 1024
Leading Crypto Sports Betting & Casino Platform
Its email has applied for all of the crypto related sites are using the cloud flare right now.  And i get a similar email in from the bittrex due the problem has attacked the cloudflare. Just makes an awareness to all of the users in the exchange site to avoid their data will get a leak.
legendary
Activity: 1652
Merit: 1057
Not just kraken, I received from some other services also (notably from iconomi.net, another cryptocurrency related).

They are basically alerting us to reset password and suggesting enabling 2fa to secure our accounts. This is due to the recent discovery of a bug in cloudfare service. I believe we will be on safer side just be resetting our credentials. I just checked few of my accounts, so far all are accessible.
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
It's a widespread cloudflare problem but in spite of the low chances of individual users having their credentials stolen it's good that they've warned people to change passwords just in case.
member
Activity: 64
Merit: 10


A bug was recently discovered with Cloudflare, which Kraken and many other websites use for DoS protection and other services. Due to the nature of the bug, we recommend as a precaution that you change your Kraken security credentials:

    Change your password
    Change your two-factor authentication (remove and re-enable it)
    Clients who use API keys should generate a new set of keys

You should similarly change your security credentials for other websites that use Cloudflare (see link below for a list of possibly affected sites). If you are using the same password for multiple sites, you should change this immediately so that you have a unique password for each site. And you should enable two-factor authentication for every site that supports it.

The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected. Although the rate of leakage was low, the information that might have been leaked could be very sensitive, so it’s important that you take appropriate precautions to protect yourself.

The problem is thought to have only started 6 months ago and 2FA or API keys generated before that time are probably not affected, but we recommend changing them anyway because the bug existed for years.

I got this link
https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

From this topic
https://bitcointalk.org/index.php?topic=1802851.0;topicseen

Seems to sum up the problem
Pages:
Jump to: