what's AC's position about the leak of member data?

hallux

Q&A Team
Jul 7, 2013
12,322
7
38
Visit site
That list could be misleading. That's a list of ALL companies associated with that site, even just for DNS routing rather than actual hosting of content/user data. If our info was at risk, I'd expect an email advising of such, possibly from a MobileNations email address rather than AndroidCentral.

I wonder how the folks, like myself, that use Google login for the site would be impacted in this...
 

Marcus Adolfsson

CEO, Mobile Nations
Mar 1, 2011
160
15
0
Visit site
We received the following from CloudFlare:
"Your domain is not one of the domains where we have discovered exposed data in any third party caches."
We are looking into any security implications from the CloudFlare issue. Google logins etc should not be an issue due to the way those login mechanism work (we never see any sensitive data, it is all handled on Google's side).
 

Matty

Q&A Team
Mar 15, 2014
1,596
0
0
Visit site
That's really good to hear, i put a lot of trust in Mobile Nations and AndroidCentral to keep any information i share private So its good to see i can continue with that trust :)
 

gizmo21

Trusted Member
Nov 12, 2012
8
0
0
Visit site
I just spoke with Tech ops and they confirmed that the three features causing the issue with CloudFlare (Email Address, Obfuscation, Server-side Excludes, Automatic HTTPS Rewrites) has never been active on our sites.

But as the site A information is leaked on OTHER site B is it really needed that the vulnerable function have to be enabled on site A, or is it perhaps enough having site B had those active?

Just asking, cause e.g. change.org already writes mails telling me to change my password as precaution: https://www.hackread.com/cloudflare-cloudbleed-attack-change-org-password-email/
(Even if they did on-top some real security mistake sending a password-change link inside an email).

Update: OK did not see this, so if cloudflare told you mobilenations is NOT affected by leak (or at least did not find leaked info on other sites) - it should be save (I think):
We received the following from CloudFlare:
"Your domain is not one of the domains where we have discovered exposed data in any third party caches."
 

pkcable

Q&A Team Leader, VR Expert
Ambassador
Jun 8, 2010
3,583
28
48
Visit site
Now just because AC is safe does NOT mean we ALL are safe! Note this advice from Modern Dad...