Boards.ie passwords exposed by Cloudfare?

ongarite

Seeing this all over the web this morning.
Serious bug in Cloudfare could have exposed passwords, token data & other data requests to the internet.
Google & other sites have already cached the data for all to see on the web.

So whats boards.ie users exposure here?
Is it suggested to change your password ASAP?

https://arstechnica.com/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/

https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

https://github.com/pirate/sites-using-cloudflare

The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to cleanup. I've informed cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.

Boards.ie: Mark

Thanks for the heads-up. A change of password following an event such as this is typically wise in any case. We're taking this very seriously and we're currently assessing the extent to which we may have been exposed to this bug.

Black Swan

It's always wise to change your password every so often, and this is a good time to do so. I just changed mine.

Boards.ie: Mark

Copy and paste of the text from the announcement that just went up:

Hi everyone,

It's not the note that any of us would have liked our Fridays to start on, but we're investigating a CloudFlare bug that may have impacted thousands of sites. CloudFlare was put in place last year following a number of DDOS attacks to help shield us from malicious traffic.

Although we have not been made aware of any breaches to date, there is a small chance that this bug has resulted in data being leaked, and we're taking it very seriously as a result.

In cases like this, it's always prudent to err on the side of caution and change your password. Bear in mind that other sites that use CloudFlare may be affected. You should change your password on these other sites, particularly if you happen to use the same password across multiple sites (now's not the time to be judgemental). That's why we felt it best to let you know as soon as possible. You can change your Boards password here.

If you want to get into the nitty gritty of the bug, you can read CloudFlare's blog post right here. Meanwhile, you can find an extensive list of sites that use CloudFlare here (bear in mind that not all sites listed will be affected).

Boards.ie: Mark

Update:

Ronan was in contact with CloudFlare and Boards.ie is not one of the domains where it has discovered exposed data in any third party cache (such as the Google search cache, for example). To put it simply, this means that, as far as we can ascertain, Boards.ie has not been affected by the CloudFlare bug that we detailed earlier.

CloudFlare has since patched the bug and it is no longer leaking data. It is also yet to find any instance of the bug being exploited. If anything changes, they will be in touch and we'll be sure to let you know ASAP.

D0NNELLY

I'd recommend if something is important enough to warrant a site wide announcement, then it should be pm'd to all users.

The announcements only show up on the full site. I happened across this thread from the latest posts list.

Boards.ie: Niamh

Thanks D0NNELLY, something to bear in mind for the future though we'd hope not to have to use it