DevOps Operations Performance Platform

PagerDuty Blog

Subscribe to PagerDuty Blog: eMailAlertsEmail Alerts
Get PagerDuty Blog: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Married to Chocolate

Blog Feed Post

PagerDuty’s Response to Cloudbleed Vulnerability

Cloudflare and Google’s Project Zero published details of security data leak. A vulnerability in Cloudflare’s code has led to a potential unknown quantity of data leaking – including people’s private information such as passwords, personal information, messages, and cookies over the Internet. PagerDuty customers are not impacted by this data leak.

However, PagerDuty marketing website, www.pagerduty.com is a customer of Cloudflare and is hosted on a separate infrastructure. While customers can access their login from www.pagerduty.com, they are redirected to the product login, app.pagerduty.com. Additionally, <yoursubdomain>.pagerduty.com and the PagerDuty mobile apps do not use Cloudflare as they are hosted separately.

Cloudflare is a web performance and security company that protects websites from all manner of attacks while simultaneously optimizing web performance. The identified vulnerability, Cloudbleed, is a single character error in Cloudflare’s code. Cloudflare acted promptly when Google’s Project Zero recently identified the vulnerability in their code. This data leak dates back to September 2016 when web pages had a combination of unbalanced HTML tags which confused Cloudflare’s proxy servers and caused them to spit out data belonging to other people, even if it was protected by HTTPs.

As a Cloudflare customer, we have taken the necessary steps to protect our site, www.pagerduty.com. If you are a Cloudflare customer, we also recommend you take the same precautions: change your password and use two-factor authentication.

We will continue to monitor the situation and provide relevant updates as needed. If you have any concerns, please reach out to our team at [email protected].

The post PagerDuty’s Response to Cloudbleed Vulnerability appeared first on PagerDuty.

Read the original blog entry...

More Stories By PagerDuty Blog

PagerDuty’s operations performance platform helps companies increase reliability. By connecting people, systems and data in a single view, PagerDuty delivers visibility and actionable intelligence across global operations for effective incident resolution management. PagerDuty has over 100 platform partners, and is trusted by Fortune 500 companies and startups alike, including Microsoft, National Instruments, Electronic Arts, Adobe, Rackspace, Etsy, Square and Github.