CLOUDFLARE SECURITY SCANDAL #Cloudbleed: memory leaks with buffer overruns! (FULL HTTPS TRAFFIC LEAKED)

Details about what happened, from Cloudflare:

Potential sites affected:

@dirvine @nicklambert the affected sites includes DIGITAL OCEAN, COINBASE, BITFINEX, POLONIEX und KRAKEN.
Kill your sessions (logout) sign back in and change your passwords, and if you haven’t activated your 2FA, it is time to do it right now.

This is way worse than heartbleed.
I am tired of this shit. We need Safe Network now!!


I always use 2fa for everything, would that really help though? Always worry someone could grab my code when I’m setting it up

You said it. If you set up the 2FA the last 5 months, you should disable it and reenable 2FA again.
The leaks are in plaintext of everything they had in memory: it includes API keys, plain text passwords, TLS certificates, full private messages, IP addresses, GPS coordinates, session tokens, HTTP POST, HTTP GET, etc…)
If the website you are using were using Cloudflare for DDoS protection (or to manage heavy traffic with their reverse proxies), then it essentially has been doing a MITM, and everything that you were supposed to be sending to your favorite website, was going through Cloudflare first.

You have to authorise a device with an already authorised device usually with 2FA.apps like ‘authy’, so they’re pretty robust.

The biggest weak point is your phone usually. I’d be more worried about using your number to back up any ID than your codes being grabbed. But obvs change and update all pw’s especially if they are duplicated for various sites.

I don’t even own a mobile… more trouble then they’re worth. :stuck_out_tongue_closed_eyes:

Authy uses Cloudflare.


How is it possible that this kind of data is transferred unencrypted over cloudflare? I’m more and more confused how insecure everything is. I mean we know it’s really bad, but how bad is it actually if something like this can even happen? Wow, just wow.


It is HTTPS Traffic, but once it arrives to the server, it is stored in memory in plaintext.

1 Like


Looks like I’m spending all afternoon, setting up new passwords.

This is getting ridiculous.

1 Like

just in case :

$ egrep ‘|’ sorted_unique_cf.txt

1 Like