CloudBleed Bug Makes Change.org Send Password Reset Emails to Its Users

A famous online petition website, Change.org is now sending emails to all its registered petitioners and encouraging them to change their current account password on their website. The email also came days after the Google employee, Tavis Ormandy from Project Zero exposed a Cloudbleed bug which seems to have leaked some sensitive and personal information from websites which are using the CloudFlare’s service.

The email from the company to its users states that they have received a notification from CloudFlare about a security issue which may have compromised the personal information of some users who use their services. Although there is no direct evidence to prove that Change.org has been directly affected by this very issue, still, for security purpose, they advisable their users to change their password. Here’s a full preview of email sent by the Change.org:

We wanted to share some of the information that we have received recently from Cloudflare, which is a popular web services provider and the one we use at Change.org, about a security issue which may have exposed personal information of some users who use their services. We have also received a confirmation from Cloudflare stating that there is no clear evidence that the Change.org has been directly affected by the issue. But, when issues like this happen, it is always suggested to change your password and provide an extra level of security, which you can do by following the link given below:

We want you to be safe and feel safe when you are using our services and we have been investigating this situation closely to ensure it our users are not affected in any way.

Cloudbleed is a bug which is alleged to have originated from the renowned company Cloudflare. As you may already know, Cloudflare offers internet security and infrastructure to some of the world’s biggest tech companies. These includeZendesk, Cisco, Nasdaq etc.

Image source: Hackread

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients