IMPORTANT >> CHANGE ALL YOUR PASSWORDS NOW

LW

Community Manager
Administrator
Moderator
Freedom! Member
Apr 2, 2016
3,043
1,253
23
Vienna, Austria
twitter.com
YouTube
lw_001
Sorry if anyone's already made a thread about this and I couldn't find it, but there's something very nice I have to forward to you.

Today I woke up to a flood of emails with password reset confirmations. After doing a bit of research I can now put what happened into one forum post.

What happened?
Today a message got public that the DNS provider CloudFlare has had a breach for an unknown amount of time which sent parts of DNS data to other clients randomly. This includes confidential data like PASSWORDS and ACCOUNTS. A ton of data and packets goes through CloudFlare services each day and you are part of the people sending that data. Whenever you are on a site proxied through CloudFlare like Discord, Google (including YouTube), FreshDesk (which support uses) and a few more you are about 0,00003% likely to have your data sent to someone at random PER REQUEST.

Technical stuff // How this happened
This is the part with stats for nerds.

Every time you request data from any server you need to have an account for, your client asks for the data you want to get along with authentication and other important data. The data or packets get sent to the DNS server which lets you send it to the server you requested. If someone gets that data other than the server or you, they get access to your account, and if they decode it they have your login data basically. Now this rarely happens except if the DNS server decides to send data to people at random, which shouldn't happen ever. Though CloudFlare did it because of a bug. As with most large-scale bugs nobody knows how long this has been a thing. For all we know people could have taken data for months.

EDIT: IT'S BEEN RELEASED TO HAVE HAPPENED SINCE SEPTEMBER 2016.
EDIT 2: CloudFlare has confirmed this to be an error in their HTML parser here.

Now go change all your passwords, even on non-CloudFlare sites. Also take your 2FA codes and reset them. 2FA WILL NOT HELP HERE. If you find unauthorized access to an account of yours, it's likely too late. Google has logged every account out and tons of companies still will.

Thanks for reading, stay safe!

EDIT: The forums don't seem to be affected but still change your password and rotate 2FA.
EDIT 2: Updated some numbers
 

TwilightPrinze

The Flying Dutchman
Community Team!
Freedom! Member
Sorry if anyone's already made a thread about this and I couldn't find it, but there's something very nice I have to forward to you.

Today I woke up to a flood of emails with password reset confirmations. After doing a bit of research I can now put what happened into one forum post.

What happened?
Today a message got public that the DNS provider CloudFlare has had a breach for an unknown amount of time which sent parts of DNS data to other clients randomly. This includes confidential data like PASSWORDS and ACCOUNTS. A ton of data and packets goes through CloudFlare services each day and you are part of the people sending that data. Whenever you are on a site proxied through CloudFlare like Discord, Google (including YouTube), FreshDesk (which support uses), community.tm (will research this part more later) and a few more you are about 0,0003% likely to have your data sent to someone at random PER REQUEST.

Technical stuff // How this happened
This is the part with stats for nerds.

Every time you request data from any server you need to have an account for, your client asks for the data you want to get along with authentication and other important data. The data or packets get sent to the DNS server which lets you send it to the server you requested. If someone gets that data other than the server or you, they get access to your account, and if they decode it they have your login data basically. Now this rarely happens except if the DNS server decides to send data to people at random, which shouldn't happen ever. Though CloudFlare did it because of a bug. As with most large-scale bugs nobody knows how long this has been a thing. For all we know people could have taken data for months.

EDIT: IT'S BEEN RELEASED TO HAVE HAPPENED SINCE SEPTEMBER 2016.

Now go change all your passwords, even on non-CloudFlare sites. Also take your 2FA codes and reset them. 2FA WILL NOT HELP HERE. If you find unauthorized access to an account of yours, it's likely too late. Google has logged every account out and tons of companies still will.

Thanks for reading, stay safe!
I noticed it this morning when my mobile mentioned there had been changes with Google and I had to log in anew. Now with this thread I understand why. Thanks for the info!
 

LW

Yep, that's why Google logged everyone out of their accounts indeed. From what I've seen they're still logging out accounts as I can still use my main Google account but not the three other ones I have. They seem to log them out in alphabetical order as my father's account which starts with C was logged out earlier today...
 

TwilightPrinze

Good thing they undertake action to prevent further damage. Seems my account got logged out fairly early, but still good to know what happened as Google won't notify us, it seems...
 

LW

Since the service was affected by it I think it would be a wise thing to do.
It may be, though it's pretty unlikely most people are affected by it (0,00003% chance for each request). They've stated on their blog post that they will be evaluating a password force reset if it turned out more severe than they thought at first, though the 0,0003% Google provided were set to only 0,00003% by CloudFlare on their post about it. In Discord's blog they said:

At the current time we do not believe performing a forced password reset on all of Discord is necessary given the incredibly low likelihood of impact, but we are continuing to evaluate as we wait for Cloudflare to provide us directly with the full level of impact.
 

Tom Cryer

Active Member
Feb 13, 2016
82
13
YouTube
Thanks for your help!