Incident report on Cloudflare parser bug

Incident report on Cloudflare parser bug

Cloudflare reported final night time a bug in their service which may have leaked info from the providers utilizing their edge cache servers.

Feedly makes use of Cloudflare as a safety defend which will increase the reliability and efficiency of the Feedly internet software. As such, Cloudflare knowledgeable us it’s potential that a number of the Feedly Internet request carried out between Feb 13 and Feb 18 might need been impacted by the data leak.

Regardless of the 1 in three,300,000 probabilities of being impacted, we suggest to be additional cautious and take the next actions:

1/ If you’re utilizing the Feedly login/password, change your password. Go to the Logins page and alter your password. Observe: in case you are utilizing a third-party login possibility like Google, Fb, or Twitter, you’re NOT impacted and don’t want to vary your password [1].

2/ Logout and log again in. On Feedly Internet, click on on the face bubble icon (on the high proper of the display screen), choose the logout possibility after which log again in. This may invalidate your previous session/cookies and create a model new one.

Our engineering workforce has a observe up name with the Cloudflare workforce later this afternoon and we’ll replace this submit if we study something that adjustments these suggestions.

We wish to thank the Cloudflare workforce for the way effectively they dealt with this case. It’s the way you handle exceptions that defines your model, and Cloudflare did very well regardless of what might need been a really anxious second for them. We stay up for persevering with to work with them to make Feedly safer and extra dependable.

Please tell us if in case you have any questions.

-Seb, David, and Edwin

[1] The third occasion login authentication is carried out by way of OAuth. You login immediately with these third occasion websites and Feedly solely will get an authentication token. One of many advantages of OAuth is that Feedly or Cloudflare by no means get to see your third occasion passwords.

 

Go to Source
Writer: Edwin Khodabakchian

Powered by WPeMatico