Change.org sends password reset email after CloudBleed bug

February 25th, 2017 · Waqas · Security

Change.org, a famous online petition website, is sending emails to its registered petitioners encouraging them to change their account passwords on the website. The email came days after Tavis Ormandy, a Google employee on Project Zero, exposed the Cloudbleed bug, which seems to have leaked sensitive and personal information passing through websites that use Cloudflare’s service.

The email states that Change.org has received notification from Cloudflare about a security issue that may have exposed the personal information of some users who utilize its services. Although there is no evidence that Change.org has been directly affected by this issue, users are advised to change their passwords for their own security. Here is the full text of the email sent by Change.org:

We wanted to share some information we received recently from Cloudflare, a popular web services provider that we use at Change.org, about a security issue that may have exposed the personal information of some users who utilize their services. We have received confirmation from Cloudflare that there is no evidence that Change.org has been directly affected by this issue. However, when issues like this occur, it’s always a good idea to change your password to provide an extra level of security, which you can do at the link below:

We want you to feel safe when using our services and we have been monitoring this situation closely to ensure it does not affect our users. If you are ever in doubt about the security of your accounts with us, feel free to contact Change.org directly through our Help Center. The Change.org Team.

Screenshot of email sent by Change.org


Cloudbleed – Behind the scenes

Cloudbleed is a bug that is alleged to have originated at the renowned company Cloudflare. As you may already know, Cloudflare provides internet security and infrastructure services to some of the world’s biggest tech companies, including Cisco, Zendesk and Nasdaq. As such, if you have used a website that uses Cloudflare’s services, chances are that your information may also have been leaked by this bug.

How does it work?

Cloudbleed may not be as dangerous as Heartbleed. However, the full extent of the damage caused by Cloudbleed is still not known, so the actual damage may be a lot greater. So far, only 3400 websites are reported to have been affected by the bug. However, these websites were Cloudflare’s clients. There might be a number of other websites that have also been affected.

Essentially, secured websites whose addresses begin with “https” instead of just “http” prevent private information, such as one’s address or passwords, from being leaked, and Cloudflare provides the necessary infrastructure for the secure movement of information between such websites. However, due to Cloudbleed, the information got saved and was also cached by search engines such as Google. Hence, the information could be easily retrieved by any hacker.

As of now, all that is known is that Change.org, Uber, OKCupid, and FitBit are among the websites that were affected. However, the good news is that Cloudflare has now fixed the bug and it is no longer on the loose.

How to defend oneself from the bug?

To date, there is no clear-cut answer to this. What has been leaked cannot be made secure again. Nevertheless, one should change one’s passwords immediately. Furthermore, websites that use Cloudflare are to be avoided. Cloudflare has a list of the clients that it serves on its website.

For Cloudflare’s clients, it might be a good idea to issue a forced alert to your visitors instructing them to change their passwords.


If you have an account on Change.org, you are advised to change your password. Also, Change.org lets users sign in with their Facebook account, so if you have ever signed in using your Facebook account, change your Facebook account password as well.

