Anyone get this email on Kraken security issue?

passwordnow

hero member

Activity: 2926

Merit: 570

Leading Crypto Sports Betting & Casino Platform

Quote from: rozee on March 02, 2017, 12:03:34 AM

same with you i have got that email from kraken, not only from kraken i have got that email from other exchanges which use cloudflare also from gambling site its only for our security better we change all our passoword to prevent our account from hacker

It looks like Kraken isn't the only one that has this issue and affected with cloud bleed. Most of them notified us to change password because of the cloud flare issue. I got also from yobit and I assume that most of us that are into exchanges expect to receive email from them.

Quote from: The Sceptical Chymist on February 26, 2017, 10:27:10 PM

Am I in trouble if I don't change my password there but never used the account?

Not really, I didn't changed my password either.

rozee

legendary

Activity: 1736

Merit: 1001

same with you i have got that email from kraken, not only from kraken i have got that email from other exchanges which use cloudflare also from gambling site its only for our security better we change all our passoword to prevent our account from hacker

Hazir

legendary

Activity: 1596

Merit: 1005

★Nitrogensports.eu★

Quote from: The Sceptical Chymist on February 26, 2017, 10:27:10 PM

Am I in trouble if I don't change my password there but never used the account?

I don't think so. You are planning never use this this account anyway. I would be worried only when it was my actively used account.
When you never expect to transfer any money/BTC there and your username/password combo is unique then you have nothing to worry about.
Not to mention that only 0.00003% of accounts used in CloudFlare protected services were compromised.

barnes13

hero member

Activity: 1274

Merit: 521

7enius - Your Cryptocurrency Marketing Consultant

I think all kraken member will get this email to alert and not only for Kraken member, I got from Quinone exchange and also from Iconomi website and for Poloniex i get notification when I login to my account to change my password and activated 2fa, for security is better to take this action even we don't have balance or never used the account.

The Sceptical Chymist

legendary

Activity: 3332

Merit: 6809

Cashback 15%

I got this e-mail, too. I gave up with Kraken and their ID verification about a month ago, after Circle bit the big one. They said my pic of me was too blurry. I don't even know if I have the password for my account written down. Man, I miss Circle!

Am I in trouble if I don't change my password there but never used the account?

Hazir

legendary

Activity: 1596

Merit: 1005

★Nitrogensports.eu★

Quote from: bitjoin on February 24, 2017, 08:23:04 AM

The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected.

So that bug is faulty SSL connection, then in theory when I wasn't using any service at that time of the main leakage from Feb 13 to 18 then my data couldn't be sniffed?

Quote from: Red-Apple on February 25, 2017, 08:18:09 AM

but it is strange that i have not yet received any email from any of the excahnges that i use and others are saying they have received them!

Some services are neglected this issue and 'forgot' to send emails with warning.
I use blockchain.info wallet and I never received any warning about this CloudFlare security breach from them.

amaral1977

sr. member

Activity: 686

Merit: 250

Yes. Everyone got it. It´s the Cloud bleed Problems. Lots of sensitive data was leaked because of that bug.
So check all your sensitive/important accounts against the list of affected sites, change passwords and enable 2FA (2 factor authentication)

bitjoin

hero member

Activity: 1372

Merit: 500

Quote from: Diced90 on February 25, 2017, 06:33:25 AM

I got the same email actually thought it was a phishing attempt to steal my personal info not until I saw this thread. Since its has been authenticated will be adjusting security settings, thank-you

Yeah same thing i thought, hotmail email is so rubbish i cant find the option to see the exact address who the mail is from until open. Oh well passwords now all changed!

zazarb

legendary

Activity: 3374

Merit: 1548

Get loan in just five minutes goo.gl/8WMW6n

Yes I have received too, and I have no doubt that all Kraken customers received such a letter..

Red-Apple

hero member

Activity: 1470

Merit: 655

as neochiny explained it was a bug that has been around in cloudflare services which all these bitcoin related sites use.

but it is strange that i have not yet received any email from any of the excahnges that i use and others are saying they have received them! i had to see it on somewhere else and then bitcointalk to go and change my things

(it is worth mentioning my accounts are a couple of years old)

oh and also there is a topic about it if you want to read more:
https://bitcointalksearch.org/topic/warningcloudbleed-bug-change-your-passwords-2fa-api-keys-1803933

Diced90

hero member

Activity: 994

Merit: 515

Get'em boys

I got the same email actually thought it was a phishing attempt to steal my personal info not until I saw this thread. Since its has been authenticated will be adjusting security settings, thank-you

bL4nkcode

copper member

Activity: 2142

Merit: 1305

Limited in number. Limitless in potential.

All website using CloudFlare affected by this widespread issue and its cloudbleed as someone mentioned it already above posts. They warned their users on every website including the different crypto site to change their password just in case, to prevent of lossing accounts.

cengsuwuei

hero member

Activity: 714

Merit: 516

#SWGT PRE-SALE IS LIVE

not only kraken all exchanger if use cloudflare get notification about security issue
same is poloniex announcement about use 2Fa, in twitter account poloniex exchanger announce to poloniex member to use 2FA

blockcha1n

full member

Activity: 185

Merit: 100

Yes I did.
It was from a massive breach last night on all services that rely on cloudflare.
Not to sure what they have to do with saving everybodies passwords on their site.
Cause as far as I know it is used by all these sites for not allowing DDos attacks but they themselves got attacked from the very thing they are in the position to prevent. Undecided

All over the world they are providing this service to many many many sites.

This is not over yet to find out how many accounts have been affected by this misuse of control by the cyber users sensitive information globally.

neochiny

hero member

Activity: 756

Merit: 503

Crypto.games

It's not just for exchanges. It's a CloudBleed.

Any and ALL sites that use CloudFlare for DDOS protection could be affected. It's highly advised to change all our passwords and activate 2fa (email, phone, goog auth) for better security.

So, we better take the time now and make sure to secure our accounts.

Quote

Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters.

SONG GEET

hero member

Activity: 700

Merit: 500

CryptoTalk.Org - Get Paid for every Post!

I got similar type of email from nicehash as they also use cloudflare for DDOS protection. What was the actual bug? Is it related to leak of personal information including our login credentials Huh

asriloni

legendary

Activity: 3010

Merit: 1024

Leading Crypto Sports Betting & Casino Platform

Its email has applied for all of the crypto related sites are using the cloud flare right now. And i get a similar email in from the bittrex due the problem has attacked the cloudflare. Just makes an awareness to all of the users in the exchange site to avoid their data will get a leak.

Kevin77

legendary

Activity: 1652

Merit: 1057

Not just kraken, I received from some other services also (notably from iconomi.net, another cryptocurrency related).

They are basically alerting us to reset password and suggesting enabling 2fa to secure our accounts. This is due to the recent discovery of a bug in cloudfare service. I believe we will be on safer side just be resetting our credentials. I just checked few of my accounts, so far all are accessible.

alani123

legendary

Activity: 2394

Merit: 1412

Leading Crypto Sports Betting & Casino Platform

It's a widespread cloudflare problem but in spite of the low chances of individual users having their credentials stolen it's good that they've warned people to change passwords just in case.

zottejos

member

Activity: 64

Merit: 10

Quote from: bitjoin on February 24, 2017, 08:23:04 AM

A bug was recently discovered with Cloudflare, which Kraken and many other websites use for DoS protection and other services. Due to the nature of the bug, we recommend as a precaution that you change your Kraken security credentials:

   Change your password
   Change your two-factor authentication (remove and re-enable it)
   Clients who use API keys should generate a new set of keys

You should similarly change your security credentials for other websites that use Cloudflare (see link below for a list of possibly affected sites). If you are using the same password for multiple sites, you should change this immediately so that you have a unique password for each site. And you should enable two-factor authentication for every site that supports it.

The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected. Although the rate of leakage was low, the information that might have been leaked could be very sensitive, so it’s important that you take appropriate precautions to protect yourself.

The problem is thought to have only started 6 months ago and 2FA or API keys generated before that time are probably not affected, but we recommend changing them anyway because the bug existed for years.

I got this link
https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

From this topic
https://bitcointalk.org/index.php?topic=1802851.0;topicseen

Seems to sum up the problem

Topic: Anyone get this email on Kraken security issue? (Read 807 times)