Comments
LOL

Agreed. Cloudflare is all hype and run by hacks.

TL;DR version: Gmail is a potential point of failure. Why oh why do people keep trusting free services like this for such vital tasks? Save me the speech about how Google Apps for Business isn't necessarily free, it's still a product that any home user is familiar with and easy to exploit. Minor changes, same basic product. Like a mail server is that hard to run.
Oh well, these people just keep reminding us all not to make rookie mistakes. Hindsight is 20/20, and we're all benefiting from that.

At least they write a detailed post and keep their users updated.
cough WHMCS cough
Proud member of the VPS Collectors Club

One more step I'd add to their list is "do not use any correct answers to account verification questions". I use random strings for things like mother's maiden name and the name of my high school mascot and such...

Hmm, bypassed Google's 2 Factor Authentication? That's a troubling thought, hope that's not how they got in. :|
FiberVolt | Quality Los Angeles & Chicago Virtual Servers - http://fibervolt.com

I added 2-factor auth to my Gmail account specifically because it was hacked in 2010. I had a relatively strong password at the time. It was 16 characters and a combo of letters, numbers and non-alphanumeric characters. Considering I'm not a valuable target to anybody, I doubt they spent time to brute force my password. I have always suspected it was a security vulnerability in Gmail that compromised my account, and if that's the case, they could bypass 2-factor auth as well. This pretty much proves it in my mind. Google started heavily promoting 2-factor auth in 2010 when LOTS of Gmail accounts were being hacked. It's their security theater.

@BuzzPoet The same CRAP happened to me u_u It's sad, and a shame :S

Social Engineering yet again,
Daniel.

@BuzzPoet: My personal gmail was hacked back then as well, and I could never figure out how they did it. I enabled 2fa straight after I got it back.
FiberVolt | Quality Los Angeles & Chicago Virtual Servers - http://fibervolt.com

Maybe you guys had a keylogger on your computer? Or your 10 emergency keycodes have been leaked? :D
⌦ BudgetVPS: Where to find the cheapest VPS offer ⌦ DICHVU.IT: All about SSL - PositiveSSL from $7.4/year - EV SSL from $50/year ⌦ My blog: A small place of me :D

I had a keylogger on my machine a few years ago and lost a Gmail account because of it. Tried to recover it and Google support was pretty crappy. The stupid thing is that you can change your security questions and backup e-mail addresses in Gmail whenever you want. It was my fault for getting the keylogger, but I still feel like I should have been able to recover my account...

Doubt it was a keylogger, I ran scans straight after and triple-checked everything, regardless, I got my account back through recovery email 1 hour later.
FiberVolt | Quality Los Angeles & Chicago Virtual Servers - http://fibervolt.com

That's one of the reasons I don't use Google for mail. It's just too big a target.
"Kids, you tried your best and failed miserably. The lesson learned is: never try."

I would say that Google Mail is far more secure (in terms of hacker attacks) than anything you (or me) could set up. As long as you use 2-factor-authorization, random answers to the security questions and a secure backup mail address you should be fine.

That's why I don't set up a mail server but pay someone to do so ;-)
"Kids, you tried your best and failed miserably. The lesson learned is: never try."