
Aside from being a black eye on Cloudflare, I don't see this issue being of much consequence. I have yet to see one real-world example of a screenshot or link to a cache of leaked data (sensitive or not). If anyone has an example, please share. As others have mentioned, the real fear is of what could have leaked, not what did leak.


There were a couple of examples of leaked data. Session stuff, API keys, cookies, OAuth tokens, and so forth.

Uber: http://securityaffairs.co/wordpress/wp-content/uploads/2017/...

Fitbit: http://cdn.iphoneincanada.ca/wp-content/uploads/2017/02/clou...

OkCupid: https://trtpost-wpengine.netdna-ssl.com/files/2017/02/cloudb...

OAuth data: https://pbs.twimg.com/media/C5ZCRtMVMAEs0ca.png

Or were you asking about some consolidated treasure trove?

The real risk, to me, is that someone noticed this before Tavis did. They could have created a site with the right parameters and then scraped it for weeks. Cloudflare only had logs for 10 days of the multi-month exposure window, so they have no idea if someone did this or not.



