PSA: Cloudflare "Cloudbleed" Data Leak and SpongePowered

TL;DR Do not joke around about this, CHANGE YOUR PASSWORD for Sponge’s web services, minecraftforums.net, patreon.com, discordapp.com, and everywhere else. Auth Login for Sponge: Auth Login. Sponge 2FA Section: 2FA Setup.

Greetings Sponge Community,

On Thursday, February 23rd 2017, Cloudflare let the general public know that a memory leak, corrupted web pages returned by some HTTP requests, had occurred and these “data dumps” potentially contained sensitive information such as passwords. The amount of data leaked is unknown but, as an example, Cloudflare states on their blog post (link below) that “The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests)”. While this seems like an extremely small amount of leakage, the severity is quite real and all it takes is one time for your personal data to be in a dump for you to be compromised. Keep in mind that while Cloudflare HAS fixed this, crawlers on the web already have the data leaked which is what really adds to the severity of this leak.

With that said, stop what you’re doing and evaluate your passwords. Get them changed and enable 2FA for any places that support it (such as Sponge). Also, don’t use the same password for each place (and if you have been, this is your wakeup call to STOP doing that!).

If you need help with changing your password on Sponge’s web services, reply back or PM a moderator/admin and we will be happy to help. Feel free to discuss below.

IMPORTANT SITES AND INFORMATION
Semi-Accurate List of Sites (and further information)
Cloudflare’s Blog Post on this incident
SpongeAuth (To Change Your Sponge Password)
Sponge 2FA Section

9 Likes

In case you’re unsure if you were breached, a great website to use is https://haveibeenpwned.com. However, keep in mind that a negative there is not a guaranteed negative.

4 Likes