PSA: Cloudflare security issue


Yesterday Cloudflare, which TruckersMP use for layer 7 protection, made a chilling incident report available. The issue was discovered by Tavis Ormandy from Google Project Zero, and was disclosed to Cloudflare, who mitigated the issue within 1 hour of the report.

They had a bug in their software which caused secret information to be exposed in HTTP responses. The issue is so widespread that it could potentially have exposed TruckersMP credentials, as well as information from other sites that use their services.

We're making this post as a quick heads-up and urge you to change passwords on your accounts, not just on TruckersMP but on any other site that uses Cloudflare (e.g. Discord). If you are a developer or power user, roll your API keys as well.

P.S. Just to make this explicitly clear: TruckersMP infrastructure has not been compromised; this applies to everyone who used Cloudflare, not just us.

FAQ

Q: But Cloudflare said only some sites were affected

A: That's true, only some sites leaked information, but there is no guarantee that the data leaked wasn't from us or someone else.

Q: Was any TruckersMP data leaked?

A: Not that we're aware of, but we operate with a better-safe-than-sorry mentality.

Q: What is PSA?

A: Public Service Announcement. We're not alone.

Q: I'm running out of ideas for passwords!

A: We can suggest switching to a password manager like LastPass, 1Password, Dashlane, KeePass, KeePassX or Enpass.

Title image by KacaKTV

Author


Tuxy Fluffyclaws

🐈 ❤