Resolved Cloudflare Security Flaw - playstarbound.com affected

Discussion in 'Website Feedback/Issues' started by Saran, Feb 24, 2017.

  1. Saran

    Saran Void-Bound Voyager


    There has been a major security flaw within Cloudflare.
    More than 5mln sites were affected. Yes, playstarbound too.
    Change your passwords, rotate API keys & secrets.

    Of the sites compromised, most notably there is Reddit, Uber, StackOverflow, Patreon, DigitalOcean, 4chan, and many, many more. You can check which sites were affected by this in the README of this GitHub page: https://github.com/pirate/sites-using-cloudflare
    Sorry for the topic, but it is pretty important.
  2. Jonesy

    Jonesy Sarif's Attack Kangaroo Forum Moderator

    Thank you for pointing it out. We had an internal memo about it yesterday, and we're discussing the possibility of a public announcement on the matter.
  3. Grubageddon

    Grubageddon Title Not Found

    Whether to publicly announce it or not should not be in question. The only thing that should be discussed is how to alert people.

    Keeping security breaches secret from customers is an incredibly good way to lose customer loyalty when they find out.
  4. Jonesy

    Jonesy Sarif's Attack Kangaroo Forum Moderator

    The 'how' part is what I meant. We're looking into using the alert system, on top of the more typical announcement thread.
  5. Grubageddon

    Grubageddon Title Not Found

    Cool beans. I rather like that idea. Using both would provide a better chance for everyone to catch it.
  6. Hi Grubageddon,

    Thank you for your concern. We have made a thread regarding the issue. While it is possible that data may have been exposed, Cloudflare has not found any data from our site in search engine caches, which is where most of the concerns are.

    The "5 million" number is roughly the number of sites that use at least part of Cloudflare's service (not necessarily the service which the leak was caused by), and simply using Cloudflare doesn't mean that a site had any data leaked. Cloudflare stated in their email that they only found approximately 150 sites that had any exposed data cached. Unless someone else was aware of the issue before Google's Project Zero team found and reported it to Cloudflare, it is likely not a concern for users, but we are recommending a change of password just in case.
    Last edited: Mar 1, 2017

