> As part of our response to this incident, we did our own search through the compromised data to look for tokens or passwords and found 104 Cloudflare API tokens. We have identified no suspicious activity associated with those tokens, but all of these have been rotated in an abundance of caution. All customers whose data was compromised in this breach have been informed directly by Cloudflare.
Great response
> We are responsible for the choice of tools we use in support of our business. This breach has let our customers down. For that, we sincerely apologize. The rest of this blog gives a detailed timeline and detailed information on how we investigated this breach.
And a mea culpa for their 3rd party vendor choices (impressive)
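The quoted passage says Cloudflare searched the stolen support-case text for API tokens and rotated every one it found. The script below is an added example of that kind of sweep, written for this page and not Cloudflare's own tooling: it scans constructed support-case bodies for token-shaped strings, drops low-entropy placeholders, and returns redacted findings plus the list of cases whose owners would need a notification. The token shapes are assumptions (a Cloudflare API token taken as 40 characters of `[A-Za-z0-9_-]`, a Global API Key as 37 hex characters); the case IDs and every secret-looking value in `SAMPLE_CASES` are made up.

```python
import math
import re
from dataclasses import dataclass

# Constructed sample: three support-case bodies of the kind a CRM export holds.
# Every case ID and secret-shaped value here is made up for this example.
SAMPLE_CASES = [
    ("CASE-1001",
     "Hi, my worker fails.\n"
     "curl -H 'Authorization: Bearer Kx3n9Qp2Lm8Vw4Zr7Ty1Ub5Xc6Yd0Ae9Bf2Gh4Jk' "
     "https://api.cloudflare.com/client/v4/user/tokens/verify\n"),
    ("CASE-1002",
     "Zone ID is 0123456789abcdef0123456789abcdef, no token attached.\n"),
    ("CASE-1003",
     "Here is my key: 'X-Auth-Key: 0123456789abcdef0123456789abcdef01234'\n"
     "and a placeholder token " + "A" * 40 + "\n"),
]

# Assumed token shapes (not taken from any Cloudflare documentation on this page):
#   api_token      : exactly 40 chars of [A-Za-z0-9_-], not embedded in a longer run
#   global_api_key : exactly 37 lowercase hex chars, not embedded in a longer hex run
PATTERNS = {
    "api_token": re.compile(r"(?<![A-Za-z0-9_-])[A-Za-z0-9_-]{40}(?![A-Za-z0-9_-])"),
    "global_api_key": re.compile(r"(?<![0-9a-fA-F])[0-9a-f]{37}(?![0-9a-fA-F])"),
}

# Real tokens are random; "AAAA..." or "xxxx..." placeholders are not.
MIN_ENTROPY_BITS = 3.0


@dataclass(frozen=True)
class Finding:
    case_id: str
    line: int          # 1-based line within the case body
    kind: str
    redacted: str      # safe to put in a ticket or notification


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for empty or single-symbol strings."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep a 4-char prefix so the owner can recognise the token, mask the rest."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(text: str) -> list:
    """Return (line_no, kind, raw_value) for every high-entropy match in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                if shannon_entropy(m.group(0)) >= MIN_ENTROPY_BITS:
                    hits.append((line_no, kind, m.group(0)))
    return hits


def scan_cases(cases) -> list:
    """Scan (case_id, body) pairs; raw values never leave this function."""
    findings = []
    for case_id, body in cases:
        for line_no, kind, raw in scan_text(body):
            findings.append(Finding(case_id, line_no, kind, redact(raw)))
    return findings


def summarize(findings) -> dict:
    """Count distinct redacted values per token kind (what gets rotated)."""
    seen = {}
    for f in findings:
        seen.setdefault(f.kind, set()).add(f.redacted)
    return {kind: len(vals) for kind, vals in seen.items()}


def affected_case_ids(findings) -> list:
    """Sorted, de-duplicated case IDs whose owners need to be told."""
    return sorted({f.case_id for f in findings})


if __name__ == "__main__":
    found = scan_cases(SAMPLE_CASES)
    for f in found:
        print(f"{f.case_id} line {f.line}: {f.kind} {f.redacted}")
    print("rotate:", summarize(found))
    print("notify:", affected_case_ids(found))
```

The entropy filter is what keeps the 40-character placeholder in CASE-1003 out of the rotation list, and the zone ID in CASE-1002 is ignored because it is 32 hex characters rather than 37. In a real sweep the regexes would be replaced or supplemented by a verification call against the issuing API, since shape alone cannot tell a live token from a revoked one.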
mr_cyborg · 10h ago
They saved others, but they couldn’t save themselves.[1]
Important to remember that security practitioners and vendors are actually on the same team when it comes to criminal behavior, and maybe it’s better to treat others with grace.
Is anyone aware of the other services using Salesloft Drift that were breached? Cloudflare is the first I've had reach out, but surely there were others.
bstsb · 11h ago
So far Google, Zscaler and Palo Alto Networks. Looks like more to come though.
ganoushoreilly · 7h ago
There were at least 700 victims being tracked by Google's Threat Intelligence Group
pjsg · 11h ago
I got this notification (email subject "[ACTION REQUIRED] Third-Party Compromise Impacting Cloudflare Salesforce Cases"), but, as I'm a free user, I don't even have a 'Technical Support' option under the 'Support' menu dropdown.
Have other free users also received this email?
reassess_blind · 11h ago
Click the Support Dropdown > Support > Technical Support > My Activities
bstsb · 11h ago
If you've ever submitted a support case to Cloudflare then you got the email.
That leads to a page saying "Cannot locate dashboard account"
I did find an email from Cloudflare in April 2011 (seven months after CF started to offer services) which was a response to a support request. I guess that things have changed in the intervening years so that the original link to keep track of my support request no longer works!!
I'll give them a break on this!
TheNewsIsHere · 9h ago
I’m not giving them a break on this. They sent me the same email. I’m having the same experience.
I actually do have a support case history with them, and I’d like to review what data has been lost. I’ve been a customer for over a decade. I have no clue what was in that history because I’ve filed numerous tickets over the years. They have made that impossible without paying them, even if you’ve paid them in the past.
They clearly failed to test their process on each account type.
I guess we could send individual data subject requests to their DPO, but that is probably more costly for them.
luke2030 · 8h ago
Consider if your support cases were instead with Zendesk and not with Salesforce. This could explain why they did not contact you.
1: https://blog.cloudflare.com/how-cloudflare-mitigated-yet-ano...
Check https://dash.cloudflare.com/?to=/:account/my-activities