Tell me I'm reading this blog post wrong. It reads as if Cloudflare is admitting to reading the login credentials of users of sites that use Cloudflare.
"Our data reveals that 52% of all detected authentication requests contain leaked passwords found in our database of over 15 billion records, including the Have I Been Pwned (HIBP) leaked password dataset."
h/t: @0xF21D
https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/
@mookie I mean, doesn't the next paragraph explain what they did? "As part of our Application Security offering, we offer a free feature that checks if a password has been leaked in a known data breach of another service or application on the Internet. When we perform these checks, Cloudflare does not access or store plaintext end user passwords. We have built a privacy-preserving credential checking service that helps protect our users from compromised credentials....."
It does, but it is still a bit concerning that not only does Cloudflare have access to user credentials, but they are also utilizing it.
@mookie @brianvastag It is intrinsic to their service that they have access to credentials in the clear, because they are providing the TLS layer for end users.
It is one of the reasons that many people have had forever for not using Cloudflare or similar services.