Cloudflare was hacked, exposing millions of passwords ─ Change your password. Now


Passwords… We all use them, but we all hate using secure ones. It’s true, we often use very insecure passwords when it comes to securing our most private accounts. In the image below, you’ll see what some of the most common passwords are from 2016, according to Keeper Security. Why is it that we often use these insecure passwords? Well, they’re easy to remember, of course.

Cloudflare, a huge DNS routing company that handles quite a bit of the Internet’s most popular website traffic, was recently hacked. Cloudflare is popular among many website developers because they provide a certain caching type of DNS routing, making your website speedier. They also provide anti-DDoS tactics, brute-force prevention, and many more features.

Sadly, Cloudflare has had a major security flaw, dating back to September. Basically, this leak allowed people to see behind the HTTPS (SSL) layer of Cloudflare and see private information being transferred between your computer and websites that interacted with Cloudflare. This includes passwords, cookies, and more.

Companies like 1Password use Cloudflare as their DNS router, but have multiple levels of encryption, so they state you’re safe; we still recommend changing ALL of your passwords, especially those affected by this security issue.

If you use the same password across many websites, you’re the most likely to be affected, because once the hackers get one of those websites’ password dumps, they can access anything else that uses that same password. A few examples of big sites affected by this issue include:

And that’s just scratching the surface; there are literally millions of websites affected by this.

This is why you should always have a good password manager and use unique passwords. A password manager gives you one secure place to store all of your logins. It also normally allows you to generate long strings of unique text for passwords, like this:




How do you remember those passwords when you’re mobile, or at someone else’s house, one might ask? It’s simple: when mobile, most password managers like LastPass or 1Password have a mobile companion app that can help with filling in the passwords. But when you’re at a friend’s house? Either log onto the web version of your password manager, or view it on your phone and manually type it in. Yes, this might be a little cumbersome and annoying, but wouldn’t you rather do that than risk the security of your bank information? Or even worse, Facebook!?

Seriously guys, visit the GitHub page or visit Does It Use Cloudflare for all of the affected websites, and if you use any of them, change your password to a unique string on that website immediately. If the password used on that website is used on another website, please change that too. Oh, and be on the lookout for an explainer piece on password managers soon, and which ones we recommend!
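The check described above can be scripted against a password manager export. This is an added example, not from the original article: it flags logins on listed sites plus any other login that reuses one of those passwords, and generates a unique replacement for each. The CSV column names, the `example.*` domains and the function names are assumptions for illustration.

```python
import csv
import io
import secrets
import string
from urllib.parse import urlsplit

# Constructed sample data. Column names are an assumption; real password-manager
# exports differ per product. example.com is a placeholder, not a listed site.
SAMPLE_EXPORT = """url,username,password
https://forum.example.com/login,alice,Tr0ub4dor&3
https://shop.example.net/account,alice,Tr0ub4dor&3
https://bank.example.org/,alice,x9$Lq!vR2m#Zp7wK
https://news.example.com/signin,alice,correct-horse-battery
"""
SAMPLE_AFFECTED = ["example.com"]
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def new_password(length=24):
    """Random password from the OS CSPRNG (secrets), not the random module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def passwords_to_change(export_csv, affected_domains):
    """Return (direct, reused): hosts on the affected list, and hosts that are
    not listed but share a password with a listed one."""
    affected = {d.lower().strip(".") for d in affected_domains}

    def is_affected(host):
        # Match the listed domain itself and any of its subdomains.
        return any(host == d or host.endswith("." + d) for d in affected)

    rows = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        host = (urlsplit(row["url"]).hostname or "").lower()
        rows.append((host, row["password"]))
    exposed = {pw for host, pw in rows if is_affected(host)}
    direct = sorted({h for h, _ in rows if is_affected(h)})
    reused = sorted({h for h, pw in rows if not is_affected(h) and pw in exposed})
    return direct, reused

def rotation_plan(export_csv, affected_domains):
    """Map every host that needs a change to its own freshly generated password."""
    direct, reused = passwords_to_change(export_csv, affected_domains)
    return {host: new_password() for host in direct + reused}

if __name__ == "__main__":
    for host, pw in rotation_plan(SAMPLE_EXPORT, SAMPLE_AFFECTED).items():
        print(f"{host}: {pw}")
```

Run it only on a machine you trust and delete the plaintext export afterwards, since the export file contains every password in the vault.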

Via: The Next Web