03/06/2012 → Guxta
I just received a security incident report from CloudFlare. I started reading it and, what do you know, they were attacked. Here is the text:
On Friday, June 2, 2012 CloudFlare’s email system was targeted by a hacker. CloudFlare uses Google Apps for Business to manage its corporate email. Through a flaw in the Google Apps account security process, involving their system to recover lost accounts, the hacker was able to briefly access the contents of some CloudFlare employee email accounts. It is our policy to be transparent about incidents like this, so you can read a full writeup of the incident on our blog:
We have conducted an audit of all our systems. We have not uncovered any evidence that the hacker was able to obtain CloudFlare’s core systems or access our database. We have also been assured by Google that they have discovered and patched the flaw in their systems that allowed this attack. That said, we still consider this a serious incident. The email accounts that were accessed contain copies of many customer service tickets and CloudFlare invoices, some of which may have contained information like your email address. We are working with Google to determine exactly what messages were accessed during the approximately 30 minutes that the hacker had access to CloudFlare email accounts.
We wanted to make clear that even if the hacker had unfettered and prolonged access to all data contained in the emails, the following pieces of data would still be secure:
- Credit Card Numbers: which are not stored on our servers, never emailed, and cannot be retrieved even by our own administrative staff.
- Account Passwords: which are hashed, not stored in plain text, never emailed, and cannot be retrieved even by our own administrative staff.
- DNS Zone Information: which is never emailed.
Because some users’ API keys did appear in the email accounts and customer service tickets, we have taken the precautionary step of reissuing new API keys. If you are using an API key to access the CloudFlare WordPress plugin or other service, you will need to get your new API key from your CloudFlare Account Page and reenter it for the service to continue to work.
Finally, if you are a Google Apps or Gmail user, we strongly recommend you establish two-factor authentication on your account and any accounts that are set up to be allowed to process an account recovery. While Google has assured us that this security flaw has been patched, this incident underscores the importance of maintaining the highest possible security on your email accounts.
We take these incidents very seriously. Please do not hesitate to reach out to us if you have any questions.
The CloudFlare Team
So CloudFlare slipped up a little and its email system was broken into. Either the cracker is damn good and managed to break into the Google Apps for Business servers, or someone at CloudFlare got careless and the password for this service was captured. I vote for the second option. What about you?
One valid point in this whole story is that the company has already sent a notice to all of its customers.
Update: Reading the details passed along by reader @marcioy, it appears that it was Google that slipped up. It remains to be seen whether that is really what happened.
Update 2: Nothing surprises me anymore.