MMO-Champion, Curse.com, and other websites in the Curse network use Cloudflare as a reverse-proxy, to distribute load of incoming requests and to mitigate incoming DoS attacks, among other things.
This isn't entirely surprising. There are roughly 5.5 million websites world-wide that use Cloudflare, including some big players like Reddit and Discord. However, engineers working at Google discovered a bug--now being named "CloudBleed"--in Cloudflare's code which caused the proxy service to occasionally dump large amounts of personal data--including possibly passwords and login tokens--into random individuals' browsers. You can read all the nitty-gritty details about it from Cloudflare's own blog: https://blog.cloudflare.com/incident...re-parser-bug/
At this time, it is not believed that any malicious parties were able to reliably exploit the bug. But with such a large slice of the internet affected by the bug (5.5 million websites is a lot), it is very difficult to rule that out. Therefore, security experts are treating CloudBleed as a VERY serious issue, and are encouraging users of affected websites to change their passwords immediately as there is a chance that they have been compromised.
MMO-Champion.com, Curse.com, and various other websites in the curse.com network all utilize Cloudflare and have been recognized as being potentially affected by this bug. Therefore, all users of this website should consider updating their passwords simply as a precautionary measure.
You should also update your auth tokens if you use any on sites that has Cloudflare as it is also possibly leaked as stated in the post.
This is just a total messup on so many levels.
Recent Blue Posts
Dragonflight Season 4 Content Update Notes
Dragonflight Season 4 Content Update Notes
The War Within Alpha - Delves Feature Overview
MMO-Champion
Recent Forum Posts
[CloudBleed] MMO-Champion, Curse.com potential security leak
Reply With Quote
