So, Cloudflare analyzed passwords people are using to log in to sites they protect and discovered lots of re-use.
Let me put the important words in uppercase.
So, CLOUDFLARE ANALYZED PASSWORDS PEOPLE ARE USING to LOG IN to sites THEY PROTECT and DISCOVERED lots of re-use.
[Edit with H/T: https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX]
https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/
@0xF21D to be clear, the blog post states they got their data from a feature you need to enable and configure. So this shouldn't be a surprise to most Cloudflare customers.
https://developers.cloudflare.com/waf/detections/leaked-credentials/
https://developers.cloudflare.com/waf/managed-rules/check-for-exposed-credentials/
@adamsaidsomething @soviut @0xF21D speaking as a Cloudflare customer, I can confirm that you have to opt in to this, as I do _not_ opt into it.
That doesn't stop them from looking, because they're providing all of my TLS. (I don't even encrypt from my tunnel, because I tunnel directly to the box that has the service running on it.)
Fortunately(?) for me, I don't care one way or the other because I use it to host stupid personal projects with no sensitive data. I don't know that I would use it for anything with sensitive data or on behalf of an employer.