Cloudflare Bug

All players should change credentials

A bug was recently discovered with Cloudflare, which Crypto-Games use for DDoS protection and other services. Due to the nature of the bug, we recommend as a precaution that you change your Crypto-Games security credentials:
•Change your password
•Clients who use API key should generate a new key



You should similarly change your security credentials for other websites that use Cloudflare (see link below for a list of possibly affected sites). If you are using the same password for multiple sites, you should change this immediately so that you have a unique password for each site. And you should enable two-factor authentication on every site that supports it.

The Cloudflare bug has now been fixed, but it caused sensitive data like passwords to be leaked during a very small percentage of HTTP requests. The peak period of leakage is thought to have occurred between Feb 13 and Feb 18 when about 0.00003% of HTTP requests were affected. Although the rate of leakage was low, the information that might have been leaked could be very sensitive, so it’s important that you take appropriate precautions to protect yourself.

Here are some links for further reading on the Cloudflare bug:
• TechCrunch article: https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/
• List of sites possibly affected by the bug: https://github.com/pirate/sites-using-cloudflare/blob/master/README.md
• Announcement on Cloudflare blog: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

Regards,
Crypto-Games Support Team