Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Can we start a list of affected right now? I found:

OKCupid

Uber

people claiming 1Password, can't find

Reddit

Lyft

Yelp

Pingdom

Digital Ocean

Montecito Bank and Trust



I'm compiling a list of affected domains here, please submit PRs: https://github.com/pirate/sites-using-cloudflare

I'm currently running a DNS scraper to find more.


You should probably keep the porn sites on the list, folks have accounts at porn sites too


Good point, will do.


https://stackshare.io/cloudflare

RapGenius

Coinbase

Bitpay

Product Hunt

Udemy

Crunchyroll


Is your list "customers of cloudflare" or "customers of cloudflare that could have sensitive data cached by search engines"

For example, Digital Ocean uses cloudflare, but the domain with sensitive data (cloud.digitalocean.com) is entirely blocked from Search Engines https://cloud.digitalocean.com/robots.txt


It doesn't matter, your info could have leaked via other sites.


Ahh thank you that bit didnt click for me, that is scary


Lyft is not a Cloudflare customer (I work at Lyft).


I found:

FitBit

Hacker News

Stack Overflow

Zendesk

Discord

FastMail (not really see below)


We, FastMail, are not affected by this. We do not proxy TLS connections via any third party. We use CloudFlare for DNS distribution only, which is not part of this issue.


The least surprising message of the day. Thank you.

My Fastmail-money is well spent.


And this is why making that yearly payment for your service actually makes me happy. :)


More detailed information for others:

https://www.cloudflare.com/case-studies/fastmail/


Thanks for posting here, I was explicitly looking to see if anyone mentioned Fastmail after I saw it on that Github list. You might want to post something on your site if you haven't already, kinda like 1password did.


Stack Overflow is not directly affected (see http://meta.stackexchange.com/a/291482/151385). They stopped using CloudFlare before this issue was introduced.


Reddit is not affected.


Patreon

4chan used to use it apparently, don't know if affected

kik

Zoho CRM

change.org

Cloudflare itself, of course

Feedly


Anyone know if Zoho mail is vulnerable too?

According to doesitusecloudflare.com Zoho isn't using Cloudflare, was it previously?


To answer my own question Zoho isn't affected.

https://twitter.com/zoho/status/835109283922608130




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: