We use Cloudflare for DDoS mitigation and certain other benefits it offers. Like millions of websites that rely on Cloudflare, we are also susceptible to #Cloudbleed. Ever since the details emerged from Clourdflare, we have started our analysis of impact this may have on our services.
So far these are our observations:
- We have received a confirmation from Cloudflare that our domain names are not found in any of the crawler caches they could look into.
- We have verified that the access security mechanisms adopted by our end-user products applications can defend the sort of data leaks possible due to Cloudbleed vulnerability.
- We assessed that the risk of any privacy breach is also extremely low.
However, some of our web properties are susceptible to breach from such an exploit. We currently assess the probability of such breach is negligible. We are further investigating and analyzing the matter. We will keep all our users posted as we discover anything relevant or when we conclude our investigation.
From what we understand thus far, there is no cause of concern for your data, passwords or access security to your accounts.
=====
Given the negligible probability of our services being impacted, we have concluded that we will not be doing anything specifically for this vulnerability. We have a roll-out of a new multi-factor authentication model planned for all of our web properties. This is expected to reset all current auth tokens and schemes. Therefore, any unknown minor impact this breach might have had, we expect, will be subsided in a short period of time.
[Updated: 5th March]