Question

What are you doing or what should users do regarding the CloudFlare vulnerability?

How are users affected? What should we do apart from changing passwords?

(DigitalOcean is listed here https://github.com/pirate/sites-using-cloudflare)


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Top question, curious of DO’s recommendation.

At a minimum, rotating passwords that could have been exposed would make a lot of sense (and doesn’t hurt anyway).

If you’re running a site through Cloudflare yourself that allows users to login, invalidating sessions (to force a logout) probably wouldn’t hurt, possibly opting to recommend a password change to your users (possibly too drastic). If you’re running a site that storing potentially sensitive information, you would need to consider how you inform your users without making them worry - because, unless you know you were effected, its a precautionary measure. Cloudflare claims they will contact each site that is potentially part of the leak - not sure how true that is.

All of the above is not particular to DO though, so still keen on their input.

Cloudflare claims the discovered approximately 150 of Cloudflare’s customers data has been compromised. and they are contacting each of them individually. unless they confirm you are in that list, i think you dont need to worry that much. but you could always contact them regarding the issue for details.