• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / CloudFlare targeted through Google Apps account recovery flaw

CloudFlare targeted through Google Apps account recovery flaw

2012-06-02 by Jason

CloudFlare, the security-filtering, DNS pass-through CDN, has reported via its blog that its servers have been breached. The hacking team UGNazi has surfaced and is claiming credit for the breach.

The breach of CloudFlare, according to the hacker, includes the full database. From the exchanged details it seems only a Google Apps account was compromised to allow the hacker to reach its specific target, assumedly 4Chan. No financial details are recorded in the database according to CloudFlare CEO and co-founder Matthew Prince, the direct target and where the story gets interesting.

Prince used two email addresses tied to CloudFlare operations – a personal Gmail account and a CloudFlare.com account run through Google Apps. While the Google Apps accounts used two factor authentication, the hacker was able to the personal Gmail account to gain access to the Google Apps account. Once they had access to the Google Apps Control Panel, they gained access to an administrative account where password reset emails were BCC-ed for troubleshooting purposes. The hackers then reset the password on the targeted victim’s account, accessed it, and updated their DNS records within CloudFlare.

CloudFlare has been working with Google Security to discover an account recovery flow flaw that allowed this despite having two-factor authentication enabled.

Just received notice from Google that they tracked down the issue core issue that allowed a compromise of the two-factor authentication system. Google reports that they discovered a “subtle flaw affecting not 2-step verification itself, but the account recovery flow for some accounts. We’ve now blocked that attack vector to prevent further abuse.” That’s great news. I want to reiterate that the Google Security team has, at all times throughout this incident, been responsive and attentive to the issue. In my opinion, they are the model of security on the Internet and we continue to trust them to power email for CloudFlare.com.

Prince has since broken all ties between his personal Gmail address and CloudFlare administration. The company found some customer API keys present in emails in the compromised account, so it has reset the API keys of any of those present. You can reset your accounts API key through the Account Control Panel. The CloudFlare blog post has even been updated to state that no unauthorized access into CloudFlare systems has been found, further discrediting the hacker’s story.

Filed Under: Security and Privacy, Webmaster

Trending

  • Printing 4″x6″ labels
    In Hardware, Gadgets, and Products, Tech Solutions
  • Evaluating enterprise antivirus solutions
    In Security and Privacy, System Administration
  • DLSG/BookEye Planetary Scanner Review
    In Software, Talking Points, Tech Solutions

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Configure Outlook to recurring appointments for the last weekday of the month Configure Outlook to recurring appointments for the last weekday of the month
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • 3d rendering circuit cloud for cloud computing technology Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource Telecom Application Development: When to Outsource
  • Printer printing document wirelessly from mobile phone or smartphone wifi connection vector flat cartoon illustration, file air print on fax or ink jet via cellphone bluetooth modern design Why Your Business Needs Online Fax Services In 2022
  • 6 Best Ways to Protect Your Business Account 6 Best Ways to Protect Your Business Account
  • How to download videos from Instagram How to download videos from Instagram
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource
  • Why Your Business Needs Online Fax Services In 2022

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2022 · Magazine Pro Theme on Genesis Framework · WordPress · Log in