DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CloudFare breach cause for concern (updated)

Posted on June 2, 2012 by Dissent

Given the number of hacks revealed on a daily basis, I long ago gave up on trying to mention them all on this blog, but this one merits its own entry.

Eduard Kovacs reports that although CloudFare has acknowledged it was compromised, the co-founder and CEO may not be correct in his understanding of the breach:

“This morning a hacker was able to access a customer’s account on CloudFlare and change that customer’s DNS records. The attack was the result a compromise of Google’s account security procedures that allowed the hacker to eventually access to my CloudFlare.com email addresses, which runs on Google Apps,” Prince explained.

He believes that the attackers somehow “convinced” Google’s account recovery process to add an arbitrary recovery email address to his personal Gmail account.

“The password used on my personal Gmail account was 20+ characters long, highly random, and not used by me on any other services so it’s unlikely it was dictionary attacked or guessed,” he added.

The most interesting fact, according to Prince, is that his account had been protected with a two-factor authentication system.

After analyzing the incident, Google’s security team has determined that “a subtle flaw in the recovery flow” of certain accounts allowed the hackers to compromise the account.

But the hackers involved claim that that’s not what happened:

“Nah. There’s no way you can social engineer a Google App. I don’t know what he was talking about. We did get in his emails though: [email protected] and [email protected],” Cosmo told Softpedia.

“We got into their main server. We could see all customer account information, name, IP address, payment method, paid with, user ID, etc. and had access to reset any account on CloudFlare,” he said.

Furthermore, the hackers plan on selling all the information they obtained on Darkode.

This type of hack – where the hackers intend to sell the data they acquired – takes things to a whole other level. If you’ve used Cloudfare, you should probably be taking steps immediately to protect your accounts. And if the hackers are truthful – that this had nothing to do with Google’s two-factor authentication – then it may mean that CloudFare is still insecure or vulnerable to a repeat compromise, which could affect the company’s ability to earn existing and potentially new customers’ trust.

Hopefully, CloudFare will respond to the hackers’ assertions with an update to their blog.

Update: CloudFare updated their blog with a more detailed explanation of how the information may have been obtained and it’s not quite what they thought originally, but kudos to them on their disclosure of social engineering so that everyone can learn how to protect themselves better.

Related posts:

  • #UGNAZI Breached Cloudflare to Change DNS Via Google Flaw
  • Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug
  • Forbes Breach Email Statistics
  • Main stream Media will take anything, LulzSec & Anonymous are not Extremist
Category: Breach IncidentsBusiness Sector

Post navigation

← 4Chan.org Hacked, Defaced and data stolen & Statement for Admin – by #UGNazi
China Bearing Commercial Community Hacked, 30,000+ Accounts Leaked @DeadMellox →

1 thought on “CloudFare breach cause for concern (updated)”

  1. JJ says:
    June 4, 2012 at 8:53 am

    This is actually CloudFlare, a DDoS mitigator. They had a write-up awhile ago when LulzSec was using them to keep their site up during their rampage. http://www.it-networks.org/2012/03/01/how-cloudflare-kept-lulzsec-safe/

    This had the potential to redirect every single one of CloudFlare’s customers to phishing sites.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.