Comment by chm
8 years ago
Some important parts:
The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to cleanup. I've informed cloudflare what I'm working on. I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.

Cloudflare pointed out their bug bounty program, but I noticed it has a top-tier reward of a t-shirt.

Cloudflare did finally send me a draft. It contains an excellent postmortem, but severely downplays the risk to customers.
Connecting some dots, I'm wondering if the "well-known chat service" is Slack:
http://www.computing.co.uk/ctg/news/2462266/whatsapp-reddit-...
I'm fairly sure that it's Discord.
Yes, I found some leaked data referencing Discord still in Google's cache so I'd say it's them.