1.   February 24, 2017  
    Pooppickle's Avatar
    Pooppickle
    Banned

    Cloudbleed - May want to change your passwords.

    Without getting into it, there's a chance your account was compromised by cloudbleed, Warmane along with millions of other sites including some of the largest on the internet leaked sensitive information including but not limited to passwords and credit card info.

    Considering only something like 1 in every 3,300,000 requests was leaked to easily accessible caches, not to mention there's little reason for anyone to try to get Warmane accounts, the odds of something happening to anyone are exceedingly low, but... Still thought it was worth bringing up.

    http://www.doesitusecloudflare.com/?...warmane.com%2F
    Edited: February 24, 2017
  2.   February 24, 2017  
    Misdreavus's Avatar
    Misdreavus
    Member
    Yup must of been account was logged in 2 days ago and all my gold was taken, Gms dont really care about it to disclose any information though...
  3.   February 24, 2017  
    Pooppickle's Avatar
    Pooppickle
    Banned
    I am surprised Warmane hasn't said anything about this
  4.   February 24, 2017  
    Mercy's Avatar
    Mercy
    Field Medic Moderator
    You guys really should be changing your passwords once per month anyway.
  5.   February 24, 2017  
    Pooppickle's Avatar
    Pooppickle
    Banned
    yes but waiting a month in this case could be fatal
  6.   February 24, 2017  
    Obnoxious's Avatar
    Obnoxious
    Moderator
    I can't comment regarding account information (I just don't know, you'd need someone like Edifice to comment on that), but I know we don't store any credit card information. All that is handled solely by Paymentwall and their own secure and encrypted widget, which is all we have in our page.
  7.   February 25, 2017  
    Pooppickle's Avatar
    Pooppickle
    Banned
    Originally Posted by Obnoxious
    I can't comment regarding account information (I just don't know, you'd need someone like Edifice to comment on that), but I know we don't store any credit card information. All that is handled solely by Paymentwall and their own secure and encrypted widget, which is all we have in our page.
    https://support.cloudflare.com/hc/en...oudflare-work-

    All traffic on cloudflare websites is routed through their servers, account information would definitely be among potential leaked data.

    But you are right that Paymentwall does not use Cloudflare. Not knowing any better I'd say that info is probably safe even if entered through this site, though I'm not sure what level of passthrough takes place between Warmane and Paymentwall when those fields are filled.
    Edited: February 25, 2017
  8.   February 25, 2017  
    Obnoxious's Avatar
    Obnoxious
    Moderator
    That's a widget. The information isn't "entered through this site." It's a frame that loads directly from Paymentwall and the information entered only goes through the secure connection created within that widget. No transaction data is sent to our page or goes through our page, the only thing that happens is a reference being sent to create the donation, so it can be redirected to the correct account when Paymentwall finishes processing it all and gives us their okay. You can even check that when you click the Donate option, an external API from Paymentwall is what gets loaded.
  9.   February 25, 2017  
    Pooppickle's Avatar
    Pooppickle
    Banned
    what i meant to say is that this site enables that information to be entered and i wasn't sure how the process took place exactly but that is how i assumed it would work

    Question everything.
  10.   February 25, 2017  
    Zelta's Avatar
    Zelta
    Member
    Cloudbleed

    According to the information posted by taviso (the bug finder), there is a slight chance that some of your information has been leaked in past requests (starting on September 2016 according to HN reports). Since some services, especially web crawlers, tend to store this information for some time, some of your PII (Personal Identifiable Information), might be able to be found in any of the results and/or caches.

    Warmane's personal information includes:
    - Email, username, password
    - Any information that shows up on your screen whilst on warmane.com really (inc. cookies).

    However, the chances for your information to have leaked are extremely low. 1 / 3,300,000 requests. And the leaked information might not even be complete.

    What about my VISA / Credit card / Bank account and other stuff I posted on PaymentWall?
    Warmane's not storing any of these. PaymentWall has not been affected by Cloudbleed. http://www.doesitusecloudflare.com/?...aymentwall.com

    What should you do next?
    Although the chances for your information to have leaked are really low, you should consider changing your password. For those who have enabled 2 Step Authentication both in-game and on the web, Cloudbleed shouldn't be a problem.

    What's the current state of cloudbleed?
    Cloudbleed is currently being addressed by Cloudflare. Google (used by ~80% people) seems to be highly cooperative and says that has already deleted tons of cached data to prevent information leak on their side.

    Sites affected by cloudbleed.
« Previous Topic | Next Topic »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules