CloudFlare, eRepublik and You.
Yui MHCP001
For the record, I'm not talking in any official eRepublik Labs capacity.
By now you may have heard from Clopoyaur or Master_rg that eRepublik was supposedly compromised.
The site itself wasn't directly compromised, but the security system provided by CloudFlare experienced some more or less severe difficulties.
eRepublik uses CloudFlare to prevent malicious attacks. It's one of the best security systems for websites out there, so many popular websites such as 4chan and Discord use it.
However, last Friday a security problem was exposed. Under very certain circumstances, memory containing private information, could be returned in an HTTP response, and would be cached (or saved) in search engines. (If you want more detailed information, read the CloudFlare Blog on this bug)
The problem is now fixed, and any search engine result giving out private information resulting from this bug was found and removed, but it's unknown what information was uncovered by malicious users, and on what sites.
While it's extremely unlikely anyone tried to target eRepublik, and the fact that eRepublik traffic should be encrypted, I would personally STRONGLY RECOMMEND you to change your eRepublik and Discord passwords, and any passwords on websites found on this list of the top 10,000 websites that use CloudFlare
Stay safe nerds.
-Yui
Comments
I definitely hacked Plato's account details. GF Day Part 2 lets go
Also for reshouts:
CloudFlare, eRepublik and You: A brief explanation on whether or not eRepublik was compromised
https://www.erepublik.com/en/article/2632628/1/20
Why are you spreading panic? It's doesn't say anywhere that passwords were compromised in that Cloudflare blog! Don't be paranoid.
Why doesnt eRepubliklabs hire you xD?
Bro I wish.
The biggest thing is that I don't live in Romania and am not necessarily willing to relocate for it.
A non garbage article from Leo. Who would've thought?
v+s+e 🙂
pls
benis
There are maybe 14-15 websites that I know or use that have been exposed to this threat BUT the biggest issue, imho, is that somebody finds a login to one of those websites where you used the same password that you apply to any other more important ones.
I don't think that somebody will try to play eRepublik instead of me. If he's so idiot to do it, he's welcome!
Oh wait... why can't I write anymore?
Wtf....
RESISTANCE IS FUTILE! YOU WILL BE ASSIMILATED!
This account now is property of Borgs & C. Inc.
xd
v
I am too stupid. how do i change my erepublik password?
Go to your profile.
Click Edit Profile (Near the top to the left)
Click Security
You change your password there
IMO your profile is different than mine 😉
to the right* derp
Click on your profile picture to view your profile. In your profile there's a Edit Profile button on the top right. Click it then click on the Security.
Send it to me! I will take care of doing that! 😃
Step 1) Send me your login infos via pm 2) I change your pw for you 3) your account is super save again
PS: I'll also need your social security number and credit card pin. Just to be save.
Had no idea of the issue 🙂
thank you, ty for let us know 😉 CHEERS!
Damn I didn't heard this.
thx for the update Yui o7
Thank you!
FAKE NEWS!
"I would personally STRONGLY RECOMMEND you to change your eRepublik and Discord passwords, and any passwords..."
And I personally STRONGLY RECOMMEND that you change your underwear while you're at it!
nice, voted, thanks!
"read the CloudFlare Blog on this bug"
Please, correct this.
la la land 4you!
this was on linked.in as well so the problem is bigger than you think
Stay in school.