Cloudflare Memory Leak Disclosure and Impact

As many of you are aware a recent Cloudflare memory leak was reported. This exploit resulted in sensitive encrypted data being viewable in plaintext primarily through major search engine caches but potentially in realtime as well. As of this posting the exploit has been fixed and we’re told no further disclosures are occurring.

Hawk Host utilizes Cloudflare services for its own web properties. We have searched extensively for any indication that our customers data was disclosed and have so far found no sign that we were personally affected by this exploit. We have also been told by Cloudflare directly that there is no indication from their side that our websites or properties were involved in the leak. We will continue to ensure this is the case through both our own research and working with Cloudflare and any new information they can provide us.

Despite there being no indication of information disclosure from our websites or properties we strongly recommend all customers change their passwords just to be safe. Please use the following URLs to complete your resets:

Client Area Password Reset URL
Forums Password Reset URL

For additional information regarding this exploit please refer to the following resources:

Official Cloudflare Incident Report
Initial Google Project Zero Issue
Hacker News Discussion

This entry was posted in General. Bookmark the permalink.

5 Responses to Cloudflare Memory Leak Disclosure and Impact

  1. Hung Nam says:

    Thank Hakhost!
    Thank you for using CloudFlare, security will be better customers.

  2. kaos polos says:

    always satisfied with Hawkhost service. thank you HW

  3. T G says:

    1 comment, and 1 question:

    – After I entered my email address for the Forum Password Reset, I never got the email, so I just went into my profile and changed the password there.

    – Are cPanel passwords OK and don’t need to be changed?

  4. T G says:

    The forum reset email eventually did show up … it is timestamped
    01:37:19 EDT … which appears to be about 50 minutes later than my previous reply.

    At this point, it’s a non-issue, but it does seem that it should take less than an hour for such an email to be generated and sent. The other one came right away.

  5. Mobile Notary says:

    Thanks for sharing this. Imo CloudFlare isn’t as good as people make out. Had tons of issues with it.

Leave a Reply

Your email address will not be published. Required fields are marked *