At HostPapa, the security of our customers’ data is of the utmost importance. There was a recent Cloudflare memory leak reported to us today. Our security team is currently investigating the depth of the leak to ensure the safety of all HostPapa customers.
The early results of this investigation have indicated that no HostPapa client accounts have been impacted as a result of the memory leak. Our team will continue their investigation and provide periodic updates when necessary. In addition, we have contacted Cloudflare to discuss the potential impact on our customers.
If you are a HostPapa customer and use Cloudflare products or services, there’s no immediate cause for alarm. We are doing everything we can to make sure your data is safe.
How can Cloudflare impact HostPapa accounts?
HostPapa uses Cloudflare primarily as a content delivery network (CDN), which delivers HostPapa’s customers’ websites around the world. Cloudflare improves overall website speed, performance and security, including our own HostPapa website and hundreds of thousands of other websites around the globe. In addition. many of our customers’ websites have also enabled Cloudflare as their preferred CDN.
What is HostPapa doing about this potential issue?
Our security team is working through any potential impact that this leak could have on HostPapa customers. While our early investigation shows HostPapa customers to be unaffected, we will continue to monitor the situation and remain in communication with the Cloudflare team.
Is there anything I need to do?
There is nothing that you are required to do at this point. We will continue to update this blog post as our security team’s investigation continues. We always like to remind our customers’ that it’s good practice to change your account passwords on a regular basis as well as your website administrator credentials.
Some background on the leak:
The leak was initially discovered by Tavis Ormandy, a security analyst at Google’s team Project Zero on February 18th. According to Cloudflare research the percentage of information being leaked is extremely small and “the greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).”
How the leak was detected and subsequently patched, and what exactly was causing the leaks is detailed in a recent article on Cloudflare’s blog.