
Tell me I'm reading this blog post wrong. It reads as if Cloudflare is admitting to reading the login credentials of users of sites that use Cloudflare.

"Our data reveals that 52% of all detected authentication requests contain leaked passwords found in our database of over 15 billion records, including the Have I Been Pwned (HIBP) leaked password dataset."

h/t: @0xF21D

blog.cloudflare.com/password-r

The Cloudflare Blog · Password reuse is rampant: nearly half of observed user logins are compromised
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
jonathankoren™

@mookie @0xF21D I read it looking for some methodology that was not what all the hot takes are saying, and I got nothing.

It does appear that they MITMed it.

This makes me even more uncomfortable with Cloudflare existing.

@jonathankoren @0xF21D

I too was looking for a methodology, but they clearly are matching passwords to a list of leaked passwords from what they wrote.

Cloudflare is MITM for all traffic that passes through their network, though. TLS traffic is terminated at their edge nodes first and then re-encrypted (or not, depending on the origin setup) before it heads to the origin.

@mookie @jonathankoren @0xF21D OTOH: "To understand human behavior, we focus on successful login attempts (those returning a 200 OK status code), as this provides the clearest indication of user activity and real account risk."

I wonder if they considered how many poorly architected systems are out there that will return a 200 "Login Failed" page?