Results 1 to 6 of 6
  1. Webmaster, UsingEnglish.com
    Interested in Language
    • Member Info
      • Native Language:
      • British English
      • Home Country:
      • England
      • Current Location:
      • England

    • Join Date: Nov 2002
    • Posts: 3,739
    #1

    Exclamation Change your passwords!

    Dear UsingEnglish.com community,

    Over the last few days there has been a lot of buzz on the internet about something called CloudBleed.

    TL/DR
    In short, web services and security company Cloudflare found a tiny bug which has led to an unknown quantity of data - including passwords, personal information, messages, cookies, and more - to leak all over the internet. In other words: itís time to change your passwords. All of them.

    Summary
    The services from Cloudflare are used behind some of the largest and most popular sites on the internet, including UsingEnglish.com. Cloudflare has fixed the core bug which caused this issue, but the bad news is that sites have been leaking data for months now, possibly since September last year.

    UsingEnglish.com started using Cloudflare on January 7th this year, abut many many other sites on the internet use Cloudflare. Their clients include huge companies like Uber, OKCupid, 1Password, and FitBit (thankfully 1Password claim that their user data is safe).

    Due to the way the leak happened, the exposed data was also cached by Google and other sites, which means that anyone can potentially find and view this data. Cloudflare now has to hunt it all down before hackers find it.

    The fact that so much of that data was cached across different sites means that, while Cloudflareís initial patch stopped the leaking, the company needs to do lots of hunting around the web to ensure that all of the leaked data gets scrubbed. And even worse, even sites that donít use Cloudflare's service - but have a lot of Cloudflare users - might have compromised data on their servers.

    However, for now, you should change your passwords - all of them - and implement two-factor authentication everywhere you can.

    Entrepreneur and security expert Ryan Lackey has offered some good advice:


    Cloudflare is behind many of the largest consumer web services (Uber, Fitbit, OKCupid, Ö), so rather than trying to identify which services are on Cloudflare, itís probably most prudent to use this as an opportunity to rotate ALL passwords on all of your sites.
    ...
    Users should also log out and log in to their mobile applications after this update. While youíre at it, if itís possible to use 2FA or 2SV with sites you consider important.
    More information

    Much of the information in this post has been cobbled together directly from this post on Gizmodo. I am not a security expert, but I needed to provide UsingEnglish.com users with the information they needed to secure their profiles here and logins elsewhere on the web.

    You may find the following resources of interest too:


    I'm not a teacher, so please consider any advice I give in that context.

  2. Editor, UsingEnglish.com
    English Teacher
    • Member Info
      • Native Language:
      • British English
      • Home Country:
      • UK
      • Current Location:
      • Japan

    • Join Date: Nov 2002
    • Posts: 66,246
    #2

    Re: Change your passwords!

    Although it is worth pointing out that we don't store much personal data- we have an email address and a date of birth, which could be true or not. We don't have any further information.

  3. VIP Member
    Interested in Language
    • Member Info
      • Native Language:
      • American English
      • Home Country:
      • United States
      • Current Location:
      • United States

    • Join Date: Dec 2015
    • Posts: 14,254
    #3

    Re: Change your passwords!

    The valuable information would be users' login credentials - username and password. Many people routinely use the same credentials for multiple accounts.
    I am not a teacher.

  4. Webmaster, UsingEnglish.com
    Interested in Language
    • Member Info
      • Native Language:
      • British English
      • Home Country:
      • England
      • Current Location:
      • England

    • Join Date: Nov 2002
    • Posts: 3,739
    #4

    Re: Change your passwords!

    As Tdol said, it's true that we have very little personal information here at UsingEgnlish.com. It's also true, as GoesStation suggests, that people could potentially detect passwords and emails used here and be able to access other logins for a user on other sites.

    However, leaked data from other sites includes a raft of things I'm sure users would rather keep private. The secruity professional who discovered this issue, Tavis Ormandy, wrote:

    We keep finding more sensitive data that we need to cleanup. I didn't realize how much of the internet was sitting behind a Cloudflare CDN until this incident.

    The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to cleanup. I've informed cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.
    This definitely needs to be taken very seriously, and passwords need to be changed. The risk to accounts being compromised is significant.
    I'm not a teacher, so please consider any advice I give in that context.

  5. Editor, UsingEnglish.com
    English Teacher
    • Member Info
      • Native Language:
      • British English
      • Home Country:
      • UK
      • Current Location:
      • Japan

    • Join Date: Nov 2002
    • Posts: 66,246
    #5

    Re: Change your passwords!

    Quote Originally Posted by GoesStation View Post
    The valuable information would be users' login credentials - username and password. Many people routinely use the same credentials for multiple accounts.
    Good point, but bad policy.

  6. probus's Avatar
    Moderator
    Retired English Teacher
    • Member Info
      • Native Language:
      • English
      • Home Country:
      • Canada
      • Current Location:
      • Canada

    • Join Date: Jan 2011
    • Posts: 4,228
    #6

    Re: Change your passwords!

    Thank you Red5. Yours was by far the most informative discussion of the topic I have seen. I shall certainly follow your recommendations. Thank you again.
    Last edited by probus; 11-Mar-2017 at 03:31.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •