AmberCutie's Forum
An adult community for cam models and members to discuss all the things!

Cloudflare security breach.

  • ** WARNING - ACF CONTAINS ADULT CONTENT **
    Only persons aged 18 or over may read or post to the forums, without regard to whether an adult actually owns the registration or parental/guardian permission. AmberCutie's Forum (ACF) is for use by adults only and contains adult content. By continuing to use this site you are confirming that you are at least 18 years of age.
Status
Not open for further replies.
JerryBoBerry

JerryBoBerry

V.I.P. AmberLander
Jul 6, 2011
7,029
16,603
793
Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.

Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was triggered the response would include data from ANY other cloudfare proxy customer that happened to be in memory at the time. Meaning a request for a page with one of those features could include data from Uber or one of the many other customers that didn't use those features. So the potential impact is every single one of the sites using CloudFare's proxy services (including HTTP & HTTPS proxy).

Check your password managers and change all your passwords, especially those on these affected sites. Rotate API keys & secrets, and confirm you have 2-FA set up for important accounts. This might sound like fear-mongering, but the scope of this leak is truly massive, and due to the fact that all cloudflare proxy customers were vulnerable to having data leaked, it's better to be safe than sorry.

Theoretically sites not in this list can also be affected (because an affected site could have made an API request to a non-affected one), you should probably change all your important passwords.

This article says 3400 websites, but they're a bit low. Among the affected: Uber, Fitbit, OKCupid...

Here's a zipped text file from github containing 4,287,625 possibly affected domains. But there's more coming in every moment. So to be safe, change every single password you use on every site and app.

https://github.com/pirate/sites-using-cloudflare/archive/master.zip

@AmberCutie Xenforo is also on that list. So you may want to change passwords associated with the forum too.
 
  • Helpful!
Reactions: Sevrin, Keziah and ExcellaExe
JerryBoBerry said:
@AmberCutie Xenforo is also on that list. So you may want to change passwords associated with the forum too.
Click to expand...
Yep we got the notification about it. I recommend people change their passwords frequently anyway, so now is a great time. :)
 
  • Like
Reactions: ExcellaExe and JerryBoBerry
I rotate my passwords regularly with lastpass. I high recommend them for those reading this that have a lot of need for highly secure passwords and keys.
 
  • Like
  • Helpful!
Reactions: Lelo1, fandango and Keziah
Excella_4Fun said:
I rotate my passwords regularly with lastpass. I high recommend them for those reading this that have a lot of need for highly secure passwords and keys.
Click to expand...

Hi five on the Lastpass. I used to be one of those people who had the same really simple one word password for every site.

I've been using them too for a while now and they are great, the browser add on and apps let you access your passwords on any device and for popular sites it can even change your passwords automatically. Best of all it's free for the features most people will ever use and only $12 a year if you want the premium service. I highly recommend it too.
 
  • Like
Reactions: ExcellaExe
fandango said:
Hi five on the Lastpass. I used to be one of those people who had the same really simple one word password for every site.

I've been using them too for a while now and they are great, the browser add on and apps let you access your passwords on any device and for popular sites it can even change your passwords automatically. Best of all it's free for the features most people will ever use and only $12 a year if you want the premium service. I highly recommend it too.
Click to expand...
I honestly would not be able to keep track of new, 18 letter random passwords every six weeks otherwise for the sites I work for during my day job without Lastpass. I even have it on my phone so I don't have to try to remember passwords on my phone. Definitely worth the $12 a year.
 
Excella_4Fun said:
I honestly would not be able to keep track of new, 18 letter random passwords every six weeks otherwise for the sites I work for during my day job without Lastpass. I even have it on my phone so I don't have to try to remember passwords on my phone. Definitely worth the $12 a year.
Click to expand...


Give Keepass a look. Very similar. Free, and also has apps for phone/tablets. Plenty of plugins too. Some that back up files to your cloud folders, importing... Also has portable version so you can carry it and the database on a flash drive.
 
  • Helpful!
Reactions: ExcellaExe
I've used mSecure for several years on my Mac and iOS devices. I have two or three hundred entries, and it would be impossible to remember them all.
 
FYI search engines were getting the data by accident. By the time the issue was fixed there were over 2,000,000 + index of cloudbleed data. Each one containing lots of data.
 
Osmia said:
I have two or three hundred entries, and it would be impossible to remember them all.
Click to expand...

Same here. Currently at 277 entries in Keepass. All of them between 12 and 65 characters in length, all different. I've never even looked at any of them to try to remember them. Only two passwords I know are the main one to get into Keepass, and one to get into one of my cloud services where I have one of the 13 backups of the Keepass database itself.
 
  • Like
Reactions: Osmia
Okay so I just downloaded LastPass on my phone. I have apps for things like banking, PayPal, etc - can someone help me out with setting it up so I can use it for apps? (Does that make sense? I changed a bunch of passwords for websites already but I'm hoping to be able to use it on apps on my phone!)

Also say I log into a computer at school -- can I just log into FastPass and then have access to my passwords? I often have to use different computers at school and work so I'm not always on my main desktop.

Thank you in advance haha I am no bueno with this stuff
 
GenXoxo said:
Okay so I just downloaded LastPass on my phone. I have apps for things like banking, PayPal, etc - can someone help me out with setting it up so I can use it for apps? (Does that make sense? I changed a bunch of passwords for websites already but I'm hoping to be able to use it on apps on my phone!)

Also say I log into a computer at school -- can I just log into FastPass and then have access to my passwords? I often have to use different computers at school and work so I'm not always on my main desktop.

Thank you in advance haha I am no bueno with this stuff
Click to expand...

What phone do you have? I have an Android tablet and an iPhone. On the Android it will automatically fill out the username and password fields on any apps that is recognises but that doesn't work on the iPhone and you have to open the LastPass app and manually copy and paste it into the other app you want to use.

For the initial set up I found it was much better to just use the PC as it automatically added all the accounts I had saved in the browser to the Lastpass vault and I could just go through them all and set a new random generated password much faster than with the phone. It is still possible with the phone but it is more of a fuss and would take longer. Then at the end I had to just manually add any that were only on my phone.

And yeah if you want to use it on your school computers you can just go to Lastpass.com and log in there.
 
  • Helpful!
Reactions: Gen and Osmia
fandango said:
What phone do you have? I have an Android tablet and an iPhone. On the Android it will automatically fill out the username and password fields on any apps that is recognises but that doesn't work on the iPhone and you have to open the LastPass app and manually copy and paste it into the other app you want to use.

For the initial set up I found it was much better to just use the PC as it automatically added all the accounts I had saved in the browser to the Lastpass vault and I could just go through them all and set a new random generated password much faster than with the phone. It is still possible with the phone but it is more of a fuss and would take longer. Then at the end I had to just manually add any that were only on my phone.

And yeah if you want to use it on your school computers you can just go to Lastpass.com and log in there.
Click to expand...

Ah thank you! That was super helpful :) I have an iPhone so I will just get used to opening the app, haha.
 
Status
Not open for further replies.

Similar threads

BlackWizard
Cosmopayment problem
Replies
12
Views
160
Ask-a-Model!
BlackWizard
BlackWizard
ShineModel
    • Like
ShineModel — Advanced Tools for Models and Studios. (restream, multichat, remote access)
Replies
0
Views
245
General Cam/Creator Chat
ShineModel
ShineModel
cexmental
  • Locked
  • Question
Synergy (All-in-1-App) 8/18/24 Update
Replies
0
Views
156
Chaturbate
cexmental
cexmental
Official_Lovense
Elevate Your Cam Show Experience with the new Lovense Mission 2
Replies
0
Views
128
General Cam/Creator Chat
Official_Lovense
Official_Lovense
P
    • Like
  • Locked
Major Cam sites stats - New cams stats
Replies
5
Views
1K
Random Chat
podumet
P
Top Bottom
Back