Does anyone know if PrimeDice uses Cloudflare? I know that some sites use it due to the DDOS attacks that we have encountered but I don't remember if Primedice has used it in the past or if they are currently using it?
Wondering if the devs can chime in and let us know how to proceed and if any critical data was leaked?
Wondering if the devs can chime in and let us know how to proceed and if any critical data was leaked?
Primedice does use Cloudflare–at least at the moment. The bug was caused by only a few specific Cloudflare features, but it is unclear whether all sites or only sites using these features were affected. For that reason I currently consider all sites that proxy traffic through Cloudflare to be affected.
Any information that was sent between users and the site was vulnerable, including passwords, session IDs, authentication tokens and 2FA secrets. Although it's unlikely that you are affected, you should change your password as a precaution. If you set up 2FA between 2016-09-22 and 2017-02-18 you should also consider reenabling it with a new secret.
Note that this holds true for many sites, not just Primedice. You might also want to consider changing your passwords on these Bitcoin-related sites, for example:
- Coinbase
- BitPay
- LocalBitcoins
- Kraken
yeah it is a security breach of enormous proportions
the worst thing is you never know which site using Cloudflare has been affected-this error appeared in 0.00003% of total requests
here is the list of sites people THINK were affected:
https://github.com/pirate/sites-using-cloudflare
you can read more about the #cloudbleed here:
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
advice:use password managers,change all and every password you feel could have been affected by this breach,especially the sites like:exchanges,wallets,accounts with your sensitive info
better safe than sorry
? 
