Last Thursday night the Packback engineering team learned of a security vulnerability in Cloudflare, a service we and millions of other websites (including FitBit, Medium, Yelp, OKCupid, and Uber) use to help ensure your connection to their websites is fast, reliable, and secure. Cloudflare was leaking potentially sensitive information for an extremely small fraction of their traffic (0.00003%) between Feb. 13th and 18th due to a software bug. We immediately started investigating the incident to ensure your data was safe and to keep it safe in the future.
On Friday, Cloudflare let us know that packback.co is NOT one of the websites for which they have discovered leaked data. After conducting a thorough audit, we have since confirmed that your data on Packback remains completely unaffected by this vulnerability.
Packback also has additional security measures in place to prevent someone from gaining access to your account, such as encrypted authentication tokens and limiting login times to less than half a day. These measures ensure that anyone who did get access to sensitive data would have a difficult time doing anything with it. Check out our engineering blog to learn what more we’re doing to continuously improve security on the Packback platform.
While Packback was not affected, other websites you visit likely also utilize Cloudflare, so in light of this news we wanted to share some useful tips on keeping all of your online accounts secure:
Don’t reuse passwords across accounts
- It may seem easy to remember one password, but if a hacker gets hold of that master key, they can access all your accounts. Check out this video to learn more.
- We recommend a password manager such as LastPass, 1Password, or Encryptr, which makes keeping track of all your accounts super easy.
Use strong, randomly-generated passwords
- Strong, complex passwords are much harder to guess, and thus make your account less likely to be compromised.
- Password managers make it really easy to generate strong passwords. You can also use trusted websites such as strongpasswordgenerator.com.
Change your passwords regularly (every 3 months is a good interval)
- This helps ensure that any passwords that do get compromised have a limited lifespan.
When two-factor authentication (or multi-factor authentication) is available, use it!
- Accounts using two-factor authentication require both the username/password combo and a second code, often generated from your phone, in order to log in. A hacker would need both your username/password and your phone to log in.
- We plan to implement this at Packback soon. When it’s ready, we’ll let you know!
Want to change your password on Packback? Click here to do so.
Want to learn more about the bug known as “Cloudbleed”? Here’s a good non-technical explanation of the situation, and here’s the original post from Cloudflare about it.