Cloudflare Memory Leak Disclosure and Impact

Posted on February 24, 2017 by Brian Farrell

As many of you are aware a recent Cloudflare memory leak was reported. This exploit resulted in sensitive encrypted data being viewable in plaintext primarily through major search engine caches but potentially in realtime as well. As of this posting the exploit has been fixed and we’re told no further disclosures are occurring.

Hawk Host utilizes Cloudflare services for its own web properties. We have searched extensively for any indication that our customers data was disclosed and have so far found no sign that we were personally affected by this exploit. We have also been told by Cloudflare directly that there is no indication from their side that our websites or properties were involved in the leak. We will continue to ensure this is the case through both our own research and working with Cloudflare and any new information they can provide us.

Despite there being no indication of information disclosure from our websites or properties we strongly recommend all customers change their passwords just to be safe. Please use the following URLs to complete your resets:

Client Area Password Reset URL
Forums Password Reset URL

For additional information regarding this exploit please refer to the following resources:

Official Cloudflare Incident Report
Initial Google Project Zero Issue
Hacker News Discussion

This entry was posted in General. Bookmark the permalink.

7 Responses to Cloudflare Memory Leak Disclosure and Impact

  1. Hung Nam says:
    February 28, 2017 at 1:56 am

    Thank Hakhost!
    Thank you for using CloudFlare, security will be better customers.

  2. kaos polos says:
    March 11, 2017 at 9:26 am

    always satisfied with Hawkhost service. thank you HW

  3. T G says:
    March 16, 2017 at 12:47 am

    1 comment, and 1 question:

    – After I entered my email address for the Forum Password Reset, I never got the email, so I just went into my profile and changed the password there.

    – Are cPanel passwords OK and don’t need to be changed?

  4. T G says:
    March 16, 2017 at 6:07 pm

    The forum reset email eventually did show up … it is timestamped
    01:37:19 EDT … which appears to be about 50 minutes later than my previous reply.

    At this point, it’s a non-issue, but it does seem that it should take less than an hour for such an email to be generated and sent. The other one came right away.

  5. Mobile Notary says:
    March 17, 2017 at 6:35 am

    Thanks for sharing this. Imo CloudFlare isn’t as good as people make out. Had tons of issues with it.

  6. kumar says:
    April 3, 2017 at 7:06 am

    The memory leak affected very few sites I think. Cloudflare is really good.

  7. Kaligrafi says:
    June 13, 2017 at 11:29 pm

    With couldfare our website so fast loading from any country

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.