|
|
|
|
|
|
by tomesch1982
454 days ago
|
|
|
What's more problematic is that Cloudflare is obviously reading and storing and analyzing passwords. So every service that uses Cloudflare on a login page is compromised. I bet that there are several Excel files with all scraped passwords circulating within Cloudflare. |
|
|
We've worked on this stuff for years (this stuff being how to warn users about compromised passwords). You can go back to 2018 with our work with Troy Hunt on Pwned Passwords (https://blog.cloudflare.com/validating-leaked-passwords-with...), or our 2021 work on a privacy-preserving way of checking a password against a list of known compromised passwords (https://blog.cloudflare.com/privacy-preserving-compromised-c...).