Cloudbleed Security Breach :: Heroes of the Storm discussion on HeroesFire

As some of you may have heard, another major security breach has come to light that affects all of us, this one is named Cloudbleed. I wanted to provide a little info for you all and also address what this means for our own sites, as we use Cloudflare.

First off, what is Cloudflare? They are a service that sits between a website and its users. If a site is running through Cloudflare, any request you make to that site passes through Cloudflare's servers first before being sent on to the actual site's own servers. There are a whole lot of benefits from doing this, but the biggest two are distributed caching (faster load times, lower bandwidth costs) and DDoS protection. A number of services exist to do this, but Cloudflare is probably the biggest. A huge slice of the internet uses Cloudflare.

Now, what is Cloudbleed? Cloudbleed is a bug that Cloudflare had in their code which, in short, caused random bits of data (potentially any data that passed through their servers) to be leaked to the public for a period of time (seems like around 6 months). This data could have originated from any site that uses Cloudflare, and it could have been unimportant data like HTML fragments, or it could have been sensitive data like passwords and private messages.

So how bad is it? Luckily it was only a tiny portion of requests that leaked data in this way, and Cloudflare had time to fix the bug before it became widely known. However, some of this leaked data was cached by search engines and crawlers. Cloudflare has been working with Google, Bing, etc... to find, track and purge any such cached data. So, really it's hard to say just how bad it is, but it certainly wouldn't hurt to change some of your most important passwords.

How does it affect HeroesFire and our community? Well, like every Cloudflare site, there was the potential for HeroesFire data to be leaked by other Cloudflare sites. However, Cloudflare has been contacting all of their customers to inform them of whether or not any of their data was leaked. They reached out to us and told us that no information from any of our sites has been discovered in the wild, and that they will inform us if they find any in the future.

So, the MOBAFire Network itself seems to be unaffected, but due to the amount of sites that use Cloudflare, odds are good you have used other sites that may have been affected. So again, it might be wise to change some of your most important passwords.

Here are links for more information;

Official statement: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

Reddit discussion: https://www.reddit.com/r/programming/comments/5vtv16/cloudflare_have_been_leaking_customer_https/

List of potentially affected sites: https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

List of sites with confirmed leaks: http://doma.io/2017/02/24/list-of-affected-cloudbleed-domains.html