刚才收到一封来自VULTR邮件,由于可能存在使用CF CDN的传输加密问题导致的用户信息泄露(根据检测并没有发现问题)。但是为了确保信息的可能性,我们还是尽快的修改账户密码。其中包括服务器密码和平台的账户密码。我们用户应该也收到来自VULTR官方的邮件。
Dear Valued Client,
As you may know, Vultr utilizes Cloudflare’s CDN product to enhance the speed of our website around the globe and protect against various malicious attacks on our site.
Cloudflare recently revealed a security vulnerability that may have resulted in private data from sites whose data is behind the Cloudflare CDN. According to Cloudflare’s security team, the greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage. While Cloudflare patched the discovered issue quickly, it was possible sensitive data was leaked to third party search engines that cache data such as Google.com.
Cloudflare has worked with the security team from Google to search cached data for any relevant Vultr links and has confirmed no data was found. Based on this we have no reason to believe any Vultr customer information has been compromised via this Cloudflare bug.
This is a good opportunity to remind you of best security practices to secure your account:
* Enable 2 factor authentication for your main vultr.com account login.* Change your control panel password every 90 days (or less).* Always change your Instance’s default password after initial deploy.* If you utilize the API service, ensure your API IP ACLs are configured correctly.* Routinely scan your computer for malware, spyware, browser extensions, and Virii that could compromise or leak private information.
We will continue to closely monitor the situation and stay in close contact with Cloudflare should there be any change in the facts we have received thus far. Your account security is our top priority here at Vultr.
暂无评论内容