
The_Walrus
Forum Moderator

Joined: 27 Jan 2010
Age: 29
Gender: Male
Posts: 8,808
Location: London

24 Feb 2017, 5:41 am

Hello everyone,

Last night, CloudFlare, who provide some hosting services for WrongPlanet, confirmed that a bug has occasionally been leaking small amounts of private information, including passwords. Some of this information has been cached by search engines.

There is very little chance that you have been affected and no reason to panic. There is no reason to think WrongPlanet data has been compromised, let alone your own. However, if you want to make sure that you are secure, then follow these steps:

- Change your password
- Log out
- Log back in
- If you use your password on any other sites, change those too.

You may need to repeat this across several sites which use CloudFlare.

It's important to emphasise that while this means you can't have 100% certainty about the security of your accounts, it's very unlikely anyone would target your WrongPlanet account. Other services affected include Uber, Discord, Patreon, Medium, Yelp, Change.org, Pastebin, and OK Cupid.

I have followed the steps above and hopefully other moderators will do so too.

While changing your password (and logging out and in again) is advisable as a precaution, there is no reason for panic.



dcj123
Veteran

Joined: 2 Sep 2009
Gender: Male
Posts: 10,796

24 Feb 2017, 6:03 am

1. I am getting an error that says "The current password you entered is incorrect." when I entered my password the same multiple times after logging off and back on with said password.


2. I changed my password not long ago, is there a time frame for this hack?



Lunella
Veteran

Joined: 2 Mar 2016
Age: 33
Gender: Female
Posts: 1,067
Location: Yorkshire, UK

24 Feb 2017, 6:06 am

I wondered why the site kept going on and off.


_________________
The term Aspergers is no longer officially used in the UK - it is now regarded as High Functioning Autism.


The_Walrus
Forum Moderator

Joined: 27 Jan 2010
Age: 29
Gender: Male
Posts: 8,808
Location: London

24 Feb 2017, 1:11 pm

dcj123 wrote:
1. I am getting an error that says "The current password you entered is incorrect." when I entered my password the same multiple times after logging off and back on with said password.


2. I changed my password not long ago, is there a time frame for this hack?

It's not a hack, it's not a single event. Data have been accidentally revealed to people in certain conditions. It started about six months ago and reached a peak about a week ago.

I can't answer on point #1.

Again, chances are that you're absolutely fine, but it's important to be aware of the possibility.

I don't think this bug is at all related to WP downtime.



dcj123
Veteran

Joined: 2 Sep 2009
Gender: Male
Posts: 10,796

24 Feb 2017, 5:20 pm

The_Walrus wrote:
I can't answer on point #1.


Well,

It looks to be one of the many bugs of the site, I have tried resetting everything and clearing my history and it's still a no-go and I can't change my email or password. Don't worry about it, it'll probably fix itself eventually, I'll try Firefox at some point too. Thanks for letting everyone know.



Kiprobalhato
Veteran

Joined: 25 Mar 2014
Age: 27
Gender: Female
Posts: 29,119
Location: Beneath the clouds

24 Feb 2017, 5:35 pm

Lunella wrote:
I wondered why the site kept going on and off.


if we're thinking about the same things, then that's a regular, daily occurrence that happens around midnight EST when the server maintenance occurs. i don't believe it has any connection to the cloudflare leak.

thanks for announcing this, Walrus :thumright: i have changed my password, for that extra little bit of security.


_________________
I would dive now into the water
the deepest, deepest
to hear nothing
to know nothing
and that's all, my love, that's all.


0_equals_true
Veteran

Joined: 5 Apr 2007
Age: 41
Gender: Male
Posts: 11,038
Location: London

27 Feb 2017, 3:48 pm

It would be very unlikely that CloudFlare would have our passwords, for one, POST requests such as login would not be cached, and there would be no reason to transfer hashes to CF.



Kiprobalhato
Veteran

Joined: 25 Mar 2014
Age: 27
Gender: Female
Posts: 29,119
Location: Beneath the clouds

27 Feb 2017, 3:55 pm

that may very well be true.

regardless, it was time i changed mine anyway - i had my old one since i joined the site. :oops:


_________________
I would dive now into the water
the deepest, deepest
to hear nothing
to know nothing
and that's all, my love, that's all.


The_Walrus
Forum Moderator

Joined: 27 Jan 2010
Age: 29
Gender: Male
Posts: 8,808
Location: London

27 Feb 2017, 5:09 pm

0_equals_true wrote:
It would be very unlikely that CloudFlare would have our passwords, for one, POST requests such as login would not be cached, and there would be no reason to transfer hashes to CF.

You probably know more about this than I do, but there are certainly cases where the bleed has led to usable authentication tokens being leaked. I believe logging out and in again is the solution to this, but in theory, if someone has logged in to your account then they could get back in again unless you change your password.



iBlockhead
Velociraptor

Joined: 6 Jun 2012
Age: 41
Gender: Male
Posts: 408

28 Feb 2017, 4:50 am

This Cloudflare leak is not just to WP. Any site that uses Cloudflare could have been affected by this - Authy, OKCupid, Yelp, etc.

https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

Users should get into the practice of changing their passwords at least once a year, more if the site has sensitive info, and use multifactor authentication for really personal things.



dcj123
Veteran

Joined: 2 Sep 2009
Gender: Male
Posts: 10,796

17 Mar 2017, 1:24 am

For some reason I can change my password now after being banned (by request) and unbanned :jester:



Meistersinger
Veteran

Joined: 10 May 2012
Gender: Male
Posts: 3,700
Location: Beautiful(?) West Manchester Township PA

17 Apr 2017, 8:57 am

Could this leak, or something else going wrong with CloudBlare (get it?), be why I am randomly being redirected to rightplanet.club?

Now before you tell me to run a scan on my iPhone, I've done so, as well as erased my phone and reset my network settings. It does not matter what network I use, nor what browser, I still get the random redirects to rightplanet.club. Could CloudFlare be infected?



Misslizard
Veteran

Joined: 18 Jun 2012
Age: 59
Gender: Female
Posts: 20,470
Location: Aux Arcs

17 Apr 2017, 10:10 am

I'm still being hijacked to rightnetworkclub constantly. WTF??


_________________
I am the dust that dances in the light. - Rumi