Cloudflare Memory Leak Disclosure and Impact


As many of you are aware a recent Cloudflare memory leak was reported. This exploit resulted in sensitive encrypted data being viewable in plaintext primarily through major search engine caches but potentially in realtime as well. As of this posting the exploit has been fixed and we’re told no further disclosures are occurring.

Host Might utilizes Cloudflare services for its own web properties. have so far found no sign that we were personally affected by this exploit. We have also been told by Cloudflare directly that there is no indication from their side that our websites or properties were involved in the leak. We will continue to ensure this is the case through both our own research and working with Cloudflare and any new information they can provide us.

Despite there being no indication of information disclosure from our websites or properties we strongly recommend all customers change their passwords just to be safe. Please use the following URLs to complete your resets:

Client Area Password Reset URL

If you are personaly using Cloudflare services for your websites , You need to change your websites passwords just to be safe.

For additional information regarding this exploit please refer to the following resources:

Official Cloudflare Incident Report
Initial Google Project Zero Issue
Hacker News Discussion

Thank you,

Host Might

Leave a Comment

Your email address will not be published. Required fields are marked *