Last night a security vulnerability was announced affecting websites protected and accelerated by Cloudflare. Cloudflare is a reverse HTTP proxy service, which sits between a webserver and the internet to provide extra security and content optimization / CDN services. A bug in the Cloudflare system caused limited amounts of data to leak.
The vulnerability has been detailed extensively on Cloudflare’s blog post here.
How does this affect BHost?
BHost uses the Cloudflare service for www.BHost.net (the marketing site on which you read this blog) and my.BHost.net (the customer portal).
www.BHost.net (the marketing site) is purely a static site and no private data such as passwords are passed to this site.
my.BHost.net requires username / password authentication, and then uses a session cookie to keep you logged in. There is an extremely small chance that a username / password or session cookie could have been leaked as part of this Cloudflare vulnerability. The chance of this is incredibly small.
What should I do?
No action is required as we consider the risk to BHost customers to be negligible. If you wish to be super cautious, you can reset your password for my.BHost (as well as having complex, strong passwords it’s also best practice to have a unique password for every different website or service).
We would like to emphasise that BHost’s internal systems remain secure and are not affected by this incident.
Please do not hesitate to comment below or contact our 24/7 support team at support@BHost.net should you have any queries on this matter.