Yesterday a vulnerability in Cloudflare CDN and DDoS prevention service was disclosed by Google’s Project Zero. The blog post stated that an HTML parser for specific Cloudflare features was vulnerable to leaking sensitive information of other Cloudflare customers.
Although Bugcrowd does use some of Cloudflare’s services, it appears that we were not affected.
At Bugcrowd we take security very seriously, and while investigations show we are not vulnerable, several major Internet sites were affected. As a precaution, we have invalidated all Bugcrowd sessions. If you use our API, we suggest you rotate your API credentials, which you can do via the API Access panel in Personal Settings. We also strongly advise you to change your password.
We sincerely thank you for your understanding in this matter, and if you should have any questions, please contact us at support@bugcrowd.com.
– The Bugcrowd Security Team
