
Topic: Cloudflare hacked? So now we need to change passwords on Bitcointalk again? (Read 1634 times)

sr. member
Activity: 528
Merit: 368
Wait, Cloudflare has access to all decrypted data on the server end of https sessions? So Cloudflare employees or employees at data centers that cloudflare uses have access to all Bitfinex, poloniex etc passwords? Completely irresponsible if so, regardless of cloudbleed bug. They are basically selling user security for 30 shekels worth of traffic reduction.

Cloudflare acts as a reverse proxy and has access to all data that passes between the server and the client. Keep in mind that that is also the case for sites' hosting providers, including those that don't use Cloudflare. Aside perhaps from running the servers in your basement, which is neither practical nor cost-efficient, it's not possible to completely avoid trusting a third party.
hero member
Activity: 1414
Merit: 505
Wait, Cloudflare has access to all decrypted data on the server end of https sessions? So Cloudflare employees or employees at data centers that cloudflare uses have access to all Bitfinex, poloniex etc passwords? Completely irresponsible if so, regardless of cloudbleed bug. They are basically selling user security for 30 shekels worth of traffic reduction.

We don't know their level of security yet. This may or may not be possible. Hope this issue will be clarified soon. There are also many sites under Cloudflare and this is devastating if true. But for those who have 2FA activated, I think it is more secure and not the way we think as of now.
sr. member
Activity: 306
Merit: 257
Wait, Cloudflare has access to all decrypted data on the server end of https sessions? So Cloudflare employees or employees at data centers that cloudflare uses have access to all Bitfinex, poloniex etc passwords? Completely irresponsible if so, regardless of cloudbleed bug. They are basically selling user security for 30 shekels worth of traffic reduction.
copper member
Activity: 2996
Merit: 2374
Quote from: theymos
No, only sites which used Cloudflare could've been affected.
legendary
Activity: 3276
Merit: 1029
I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins
I think that YoBit, c-cex and 98% of the HYIP websites use CloudFlare.
Kraken, Polo, and all of the exchange sites are using Cloudflare.
legendary
Activity: 1190
Merit: 1000
Look ARROUND!
I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins

I think that YoBit, c-cex and 98% of the HYIP websites use CloudFlare.

Is CloudFlare the only website security company that features DNS protection or something? I guess that people that build websites are too much in a hurry to do it themselves and that's why things like this happen.

Bringing in a third-party to do dirty work isn't the right thing to do unless the person building the website doesn't really care for learning on how to have their websites updated with the latest security.

It makes me wonder why people like the hard route, it only brings shame.


Watch when Bitcoin starts breaking your systems.

Oh, too soon?
sr. member
Activity: 364
Merit: 250
I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins
You think that is safe?
Keylogger they injected keylogger from those emails that Cloudbet, coinbase and all those other sites that sent you out emails to "Change your passwords NOW!" they didn't even tell you why because they were caught with their pants down and got ass fucked royally all because of their so-called "SECUR-ITY TEAM A-ONE!" are not competent at their own FUCKING JOBS!
Fire these fuckheads and replace them with fucking monkeys!
They would do a better job than these fucking freaks of nature.
Good god DAMN MAN! Are everybody fools now?!
Spoetnik excluded of course because he is a fellow AK-47 owner!
And fellow country man I was referring to this fucking retardo:
https://bitcointalksearch.org/topic/game-protectwhy-isnt-there-a-repthreadfor-this-self-proclaimed-lawyer-for-good-1798844

Have fun with this freak as much as I have for the past week of knowing he existed!
And I still wish he was never born.
full member
Activity: 154
Merit: 100
***crypto trader***
I've just changed passwords of coinbase, btc-e, bitpay, cubits & localbitcoins
legendary
Activity: 2002
Merit: 1051
ICO? Not even once.
Why do we need to change our password? I guess they hash our password, so it's still safe, right?

Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from its customers’ websites.
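Added example, not part of any post in this thread and not Cloudflare's or any exchange's code: a minimal Python model of why server-side hashing does not cover this case. A TLS-terminating reverse proxy holds the decrypted request, password and session cookie included, before the origin hashes anything. The host name, form fields, cookie value and PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from urllib.parse import parse_qs

# Constructed sample: a login request as it sits in a TLS-terminating
# reverse proxy's memory after decryption (every value here is made up).
DECRYPTED_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: exchange.example\r\n"
    b"Cookie: session=constructed-session-token\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"username=alice&password=correct+horse+battery"
)

def proxy_view(raw):
    """Secrets readable at the proxy, before the origin ever sees the request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    form = parse_qs(body.decode())                # '+' decodes to a space
    return {"cookie": headers.get("cookie"), "password": form["password"][0]}

def origin_store(password, salt=None):
    """What a careful origin keeps: salt plus PBKDF2 digest, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "digest": digest}

def origin_verify(record, candidate):
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], 100_000)
    return hmac.compare_digest(digest, record["digest"])

def demo():
    seen = proxy_view(DECRYPTED_REQUEST)
    record = origin_store(seen["password"])
    rotated = origin_store("new-passphrase-after-rotation")  # user changed password
    return {
        "proxy_saw_plaintext": seen["password"] == "correct horse battery",
        "proxy_saw_cookie": seen["cookie"] == "session=constructed-session-token",
        "db_holds_plaintext": seen["password"].encode() in record["digest"],
        "leaked_pw_valid_before_rotation": origin_verify(record, seen["password"]),
        "leaked_pw_valid_after_rotation": origin_verify(rotated, seen["password"]),
    }

if __name__ == "__main__":
    print(demo())
```

The session cookie is exposed in the same way, so a site rotating credentials after such a leak also has to invalidate existing sessions.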
sr. member
Activity: 528
Merit: 368
And I don't know if this forum is currently using CloudFlare; can someone confirm whether this is true? I didn't see anything in the News above the forum or even on Meta about this.

bitcointalk.org does not use Cloudflare and is not affected. theymos says the same in this thread on the Meta board.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
There are so many sites that are affected by this issue from CloudFlare, and even crypto-games.net is also using this service; I just received their email about this, and I changed my password also for security reasons. And I don't know if this forum is currently using CloudFlare; can someone confirm whether this is true? I didn't see anything in the News above the forum or even on Meta about this.
hero member
Activity: 1050
Merit: 529
People should've known better than to have a 3rd party do the security of their websites.
Yeah, but unfortunately a lot of websites use CloudFlare. Now I need to go and change a lot of passwords and I might have, I hope that Cloudflare uses some encryption to store the data.
hero member
Activity: 882
Merit: 500
I think that ChronoBank was using CloudFlare as well:

From their Altcoin ANN:
Dear TIME token holders,

A critical vulnerability was detected in Cloudflare service. Our ICO website used Cloudflare for anti-DDOS protection.

Change your password at ICO Dashboard immediately!

https://chronobank.io

More info on this vulnerability:

https://medium.com/@octal/cloudbleed-how-to-deal-with-it-150e907fd165

Best regards,
Chronobank team

hero member
Activity: 658
Merit: 500
Why do we need to change our password? I guess they hash our password, so it's still safe, right?
hero member
Activity: 882
Merit: 500
People should've known better than to have a 3rd party do the security of their websites.
legendary
Activity: 2562
Merit: 1441
Does cloudflare store one-way-hashed passwords or plain text?

I don't know if there are collision or other vulnerabilities for one way hashes, which is what should be stored if standard security is followed.

The breach could be nothing to worry about.

Thanks for the info btw. I changed my password just in case.
hero member
Activity: 3164
Merit: 937
Found this on Reddit:
https://www.reddit.com/r/Bitcoin/comments/5vuih9/internet_psa_cloudbleed_cloudflare_leaked/

Since Bitcointalk uses Cloudflare this means we need to change our passwords again? Also Bitfinex, Poloniex, Coinbase, etc.?

Localbitcoins uses Cloudflare and there might be some risk for people's accounts but I'm not that concerned.
I don't have bitcoins in my LBC wallet right now.
I don't know what is the relation between Cloudflare being hacked and Bitcointalk accounts security?
legendary
Activity: 3542
Merit: 1965
Since Bitcointalk uses Cloudflare

bitcointalk has never been using cloudflare and is not using cloudflare now either.

funny thing is that people have always been suggesting to Theymos to go to cloudflare and they always denied because of security reasons. now we can see one of them.

Yes, we had a site running behind Cloudflare and we got hacked 3 times in 2 years. You get a false sense of security, when you use them and you think you are bullet proof. I am glad this forum decided not to use them, because it will keep the admins on their toes.

Most "hacks" are done through social engineering and fooling the employees working for Cloudflare.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
Since Bitcointalk uses Cloudflare

bitcointalk has never been using cloudflare and is not using cloudflare now either.

funny thing is that people have always been suggesting to Theymos to go to cloudflare and they always denied because of security reasons. now we can see one of them.

Agreed.

And another reason may be privacy too. There have been Tor issues with Cloudflare, I think.
But mostly I think theymos wanted full control, and rightly so, considering the target this place is.
hero member
Activity: 770
Merit: 500
Bazinga!
Since Bitcointalk uses Cloudflare

bitcointalk has never been using cloudflare and is not using cloudflare now either.

funny thing is that people have always been suggesting to Theymos to go to cloudflare and they always denied because of security reasons. now we can see one of them.
legendary
Activity: 3808
Merit: 1723
Found this on Reddit:
https://www.reddit.com/r/Bitcoin/comments/5vuih9/internet_psa_cloudbleed_cloudflare_leaked/

Since Bitcointalk uses Cloudflare this means we need to change our passwords again? Also Bitfinex, Poloniex, Coinbase, etc.?