Comment by curuinor
8 years ago
Can we start a list of affected right now? I found:
OKCupid
Uber
people claiming 1Password, can't find
Lyft
Yelp
Pingdom
Digital Ocean
Montecito Bank and Trust
8 years ago
Can we start a list of affected right now? I found:
OKCupid
Uber
people claiming 1Password, can't find
Lyft
Yelp
Pingdom
Digital Ocean
Montecito Bank and Trust
I'm compiling a list of affected domains here, please submit PRs: https://github.com/pirate/sites-using-cloudflare
I'm currently running a DNS scraper to find more.
You should probably keep the porn sites on the list, folks have accounts at porn sites too
Good point, will do.
https://stackshare.io/cloudflare
RapGenius
Coinbase
Bitpay
Product Hunt
Udemy
Crunchyroll
Is your list "customers of cloudflare" or "customers of cloudflare that could have sensitive data cached by search engines"
For example, Digital Ocean uses cloudflare, but the domain with sensitive data (cloud.digitalocean.com) is entirely blocked from Search Engines https://cloud.digitalocean.com/robots.txt
It doesn't matter, your info could have leaked via other sites.
Ahh thank you that bit didnt click for me, that is scary
Lyft is not a Cloudflare customer (I work at Lyft).
I found:
FitBit
Hacker News
Stack Overflow
Zendesk
Discord
FastMail (not really see below)
We, FastMail, are not affected by this. We do not proxy TLS connections via any third party. We use CloudFlare for DNS distribution only, which is not part of this issue.
The least surprising message of the day. Thank you.
My Fastmail-money is well spent.
And this is why making that yearly payment for your service actually makes me happy. :)
More detailed information for others:
https://www.cloudflare.com/case-studies/fastmail/
Thanks for posting here, I was explicitly looking to see if anyone mentioned Fastmail after I saw it on that Github list. You might want to post something on your site if you haven't already, kinda like 1password did.
Stack Overflow is not directly affected (see http://meta.stackexchange.com/a/291482/151385). They stopped using CloudFlare before this issue was introduced.
Reddit is not affected.
Patreon
4chan used to use it apparently, don't know if affected
kik
Zoho CRM
change.org
Cloudflare itself, of course
Feedly
Anyone know if Zoho mail is vulnerable too?
According to doesitusecloudflare.com Zoho isn't using Cloudflare, was it previously?
To answer my own question Zoho isn't affected.
https://twitter.com/zoho/status/835109283922608130