Cloudflare security breach - Account details might be compromised @Curse

Hyper

New Member
Apr 4, 2017
Netherlands
#1
Hai,

Last month (23-02-2017) there was a security breach on Cloudflare, which means a pretty substantial security breach for the affected websites at that time. I kind of figured that Enjin would have had a reply to this, but I just checked and couldn't find anything. So here I am to warn you still.

So what is Cloudflare, and how can it become a security risk? And what's the risk?

Well, the risk is simple: Your account details are out in the open, or at least... They have been for a while (a week or so).

How?
Enjin, just like many other sites, uses Cloudflare, which is a cloud-based proxy / CDN (content delivery network), and is often used for caching purposes as well. This simply means that all data that gets sent on the websites that use this service gets sent through Cloudflare, as it handles all the requests as well. And obviously the response, including your login credentials, will then be sent back.

Illustrated here:


So what breach was there?
A small 3.3 million requests were leaked with their responses, which included usernames and passwords with links to the corresponding websites.. Even worse.. According to some sources this data was even accessible using search engines. Whoops...

Now you might think: Lovely, but who cares.
Well.. They've released a list on GitHub of all the affected sites, which can be found here:
List on GitHub

It's a list with about 4.4 million sites, and most of them aren't really worth looking at. However.. This is quite interesting:
GitHub said:
curse.com (and some other Curse sites like minecraftforum.net)
So this simply means:
It is possible that your Minecraft details have been leaked, and your account might therefore be compromised. Someone might be able to log in and possibly hack your account now.
So if you've used your account credentials on any of the Curse sites between September 22nd 2016 and February 18th 2017, it might be wise to at least change your password. Nobody would want their Minecraft account to get hacked now, would they?



Oh, and then the last question already answered:
"You've been gone for ages, why do you even care?"
- Well... I see quite a few old friends on here, and I feel that the least I could do is give them a heads up about this. It could be a lot of fuss about nothing, but I'd hate for anyone to get their accounts hacked.

More info here:
Cloudflare security breach @WordFence.com