[Warning][Cloudbleed bug] Change your passwords & 2FA & API keys - page 2.

Decoded

legendary

Activity: 1232

Merit: 1030

give me your cryptos

Quote from: neochiny on February 25, 2017, 01:42:35 AM

Quote from: Pattberry on February 25, 2017, 01:26:32 AM

--
I have to start using a password manager to deal everything now which i have been avoiding all this while.

Yeah well, I've tried using one before but decided against continuing its use after some time. It's just an additional worry.
Frankly, couldn't stop worrying that the password manager I use would be the weak point, and then ALL of my accounts woulda been compromised.
Decided to go old school instead and keep a hard copy. Grin

Nothing better than pen and paper. Grin

Almost every site uses CloudFlare nowadays. AND that bug has been there for months. Roll Eyes

I wonder when bitcointalk would use 2fa. It would be great if they decide to implement it soon..

They're implementing it in the beta forum, but who knows when that thing's coming out. It's been years.

Quote from: eaLiTy on February 25, 2017, 01:31:45 AM

Hats off to Theymos for sticking to his decision on not using cloudflare because of the same security reason he envisioned long back when every one was asking to add cloudflare to protect from DDOS. Change all the passwords to be safe and enable 2FA to safe guard all your accounts .Majority of the sites use cloudfare ,so check that out and change the passwords to be on the safe side.

Congrats, you copied my post, added a generic warning and got paid for it. Hats off to you. Im sure you haven't even read that post, and of course you won't read this one, you spammer. Ill take it all back if you actually read this, without having someone else notify you about this.

maku

legendary

Activity: 1288

Merit: 1000

Quote from: neochiny on February 25, 2017, 01:42:35 AM

I wonder when bitcointalk would use 2fa. It would be great if they decide to implement it soon..

Bitcointalk was hacked before and sensitive data was leaked, in cases like that 2FA is not helping at all.

We know that Cloudflare issue caused a leak of approximately 0,00003% personal data but I wonder what that number really means.
I.e. what is the actual number of compromised accounts and how many passwords leaked: 1000 or 10000?

lol3c

hero member

Activity: 518

Merit: 500

is it truth that most of third party services password have been leaked? That is terrible.. People can lose up to a thousand of Bitcoin. Thanks for sharing this information. I will change my password asap and start announcing this news to my friends. Damn it. It should never trust coinbase again

devans

sr. member

Activity: 528

Merit: 368

Quote from: Coding Enthusiast on February 24, 2017, 11:54:33 PM

In any case you should change all your passwords on services that were using Cloudflare and are affected by this bug in order to be safe. You can see more information and the list of affected services here:
https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

Sound advice. It's worth adding that if you previously set up shared secret 2FA between 2016-09-22 and 2017-02-18 on one of the affected sites you should get a new secret in addition to changing your password. Usually disabling and reenabling 2FA is the way to do that.

neochiny

hero member

Activity: 756

Merit: 503

Crypto.games

Quote from: Pattberry on February 25, 2017, 01:26:32 AM

--
I have to start using a password manager to deal everything now which i have been avoiding all this while.

Yeah well, I've tried using one before but decided against continuing its use after some time. It's just an additional worry.
Frankly, couldn't stop worrying that the password manager I use would be the weak point, and then ALL of my accounts woulda been compromised.
Decided to go old school instead and keep a hard copy. Grin

Nothing better than pen and paper. Grin

Almost every site uses CloudFlare nowadays. AND that bug has been there for months. Roll Eyes

I wonder when bitcointalk would use 2fa. It would be great if they decide to implement it soon..

eaLiTy

hero member

Activity: 2814

Merit: 911

Have Fun )@@( Stay Safe

Hats off to Theymos for sticking to his decision on not using cloudflare because of the same security reason he envisioned long back when every one was asking to add cloudflare to protect from DDOS. Change all the passwords to be safe and enable 2FA to safe guard all your accounts .Majority of the sites use cloudfare ,so check that out and change the passwords to be on the safe side.

Pattberry

sr. member

Activity: 448

Merit: 250

It is just a bummer to hear a major flaw in cloudflare which leaks every sensitive data online.The very fact that everyone uses these third party protection to safe guard our privacy and what a mess up it has created.I have to start using a password manager to deal everything now which i have been avoiding all this while.

Decoded

legendary

Activity: 1232

Merit: 1030

give me your cryptos

Hahahahahahaha!

Revived like 8 emails this morning regarding this issue. Wondering if bitcointalk used CloudFlare. I remembered seeing a post by Theymos in the past about him not wanting to use CloudFlare due to security issues, and him saying that he'd rather handle the DDoS attacks himself.

Hey, we may not all love everything that he does, but you gotta give him some credit. Nice.

Dudeperfect

hero member

Activity: 1190

Merit: 534

Thanks for coming up with this warning, I was not using 2FA for some sites but it seems that there is no alternative option especially when there is such kind of possibility of leakage of confidential data. I was wondering why Theymos is not using CloudFlare like services on bitcointalk but after this incident, I got my answer. Bitcointalk and we as a community can not afford to lose our data.

Coding Enthusiast

legendary

Activity: 1042

Merit: 2805

Bitcoin and C♯ Enthusiast

I don't see anyone talking about this here so I'll start it here because of its importance and move it to services discussion later.

TL;DR: Bitcointalk is not affected, there is a small chance exchanges and web wallets are affected. To be safe change your password and enable 2 Factor Authentication if you already had a 2FA key change that too also generate new API keys if you were using those too.

You may have heard about the Cloudflare bug that leaked lots of sensitive information if not read more about the details here:
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

In any case you should change all your passwords on services that were using Cloudflare and are affected by this bug in order to be safe. You can see more information and the list of affected services here:
https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

Also there is a website to check if a website was using Cloudflare (not sure how reliable it is):
http://www.doesitusecloudflare.com/

Name	\|	Uses cloudflare (May Be Affected)
Bitcointalk	\|	No (does not use Cloudflare)
Bitstamp	\|	No (does not use Cloudflare)
Blockchain.info	\|	YES
Bitfinex	\|	YES
Coinbase	\|	YES
Localbitcoins	\|	YES
Poloniex	\|	YES
Bittrex	\|	YES
Kraken	\|	YES
Bitpay	\|	YES
Btc-e	\|	YES
Cex.io	\|	YES
C-cex	\|	YES
Yobit	\|	YES

* These sites may or may not be affected by the bug, but it is safer if you change your password immediately and enable 2FA. Better safe than sorry
** Just checked a couple of gambling sites, and they all use Cloudflare. Not going to list them here since they are of less importance but you have been warned.

Help me complete the table.

Topic: [Warning][Cloudbleed bug] Change your passwords & 2FA & API keys - page 2. (Read 1561 times)