some of you may have heard of the Cloudflare Security incident.
Cloudflare is a popular internet support company, mainly offering CDN and DDoS Protection services.
Forged Alliance Forever has been using Cloudflare to protect our forums.faforever.com and reduce the amount of web traffic.
For about four months, Cloudflare had a bug in several of its features that allowed random memory contents of their webproxies to be sent out with website requests. These random memory contents contained parts of other websites’ traffic, including secret data such as private messages and passwords.
This errant data was picked up by search engine crawlers and other archives. Search engine providers are now trying to clean up their caches, but all data that has been leaked must be considered compromised.
This means the data of FAF users on the forum, including passwords, has potentially been compromised.
Therefore, we urge you to change your FAF forum password and if you have reused that password anywhere, pick a new password there too.
This incident affects not just FAF, but a huge amount of websites, including many very popular ones. You should expect to get notifications from many websites in the next days.
We recommend that you
- Do not reuse any passwords on different websites
- Choose strong, preferably randomly generated passwords
- Use a password manager
- Use 2-Factor authentication on any important websites
You can find more information on the incident here: