Cloudflare service leaked private data, please change your password!
Thanks to @aidenpatrickPGH for the initial notification - this site does indeed use Cloudflare and if you haven't heard already, they have been unintentionally leaking cookies and other private data for the past five months due to a bug in their code. Note that I have not been contacted by Cloudflare as one of the known affected sites, but that doesn't mean the possibility is not there. Please change your password, log out and log back in to 5mods and many other sites using Cloudflare including GTAForums, Patreon, Discord and Pastebin (keep reading below for more details)
To give some background, Cloudflare announced yesterday that their service has been leaking out private data between September 2016 and last week. This means things like your cookies and session info could have been printed out in the open and cached by search engines, which is normally not supposed to happen.
They listed three services that caused the issue, and this site does not use any of them, but since Cloudflare servers are shared by customers at random, this site could still be affected by the bug. Your best bet is to change your password, log out and log back in. I'll be looking into ways to clear out all current sessions (to require users to log in again) and notify people who have logged in since September 2016 about the issue.
Also remember that there are many other websites affected by this - don't just change your 5mods password! Thousands of sites use Cloudflare, check out a big list here: https://github.com/pirate/sites-using-cloudflare.
258 passwords to change... oh man!
@LeeC2202 Only 2 for me.
@V4D3R Colour me jealous.
I might have to see which ones I care about more and just change any that might have payment related content on them... I suppose I should check the list first, I just looked at my password manager and got that figure... maybe I'll be lucky.
God Damn it. too many websites. Thanks @rappo for letting us know.
i hope other website ppl send me an email regarding this , or a notification like you did, Responsible so that , we may change the passwords.
@rappo I think having a forgot password button while logged in would help, because then you'd have to check your email, change your password, and then reset.
@krashadam You forgot your password?
@V4D3R Haha don't jinx it!
Also, thanks for the info about this.
@V4D3R lol yeah.
The following URL has a heart composed of many tiny square blocks.
If the block is colored red, then thats one of the sites you have visited that was affected.
Discord was the only red block for me.
"Just because a domain is listed here does not mean the site is compromised.
The following each red blocks represent the site you have visited before which may be affected by CloudBleed. The :visited CSS pseudo-class is used here. "