PagerDuty's Response to Cloudbleed Vulnerability
Cloudflare and Google’s Project Zero published details of a data leak. A vulnerability in Cloudflare’s code has led to an unknown quantity of data leaking – including people’s private information such as passwords, personal information, messages, and cookies over the Internet. PagerDuty customers are not impacted by this data leak.
PagerDuty marketing website, www.pagerduty.com, is a customer of Cloudflare and is hosted on a separate infrastructure. While customers can access their login from www.pagerduty.com, they are redirected to the product login, app.pagerduty.com. Additionally, <yoursubdomain>.pagerduty.com and the PagerDuty mobile apps do not use Cloudflare as they are hosted separately.
Cloudflare is a web performance and security company that protects websites from all manner of attacks while simultaneously optimizing web performance. The identified vulnerability, Cloudbleed, is a single character error in Cloudflare’s code. Cloudflare acted promptly when Google’s Project Zero recently identified the vulnerability in their code. This data leak dates back to September 2016 when web pages had a combination of unbalanced HTML tags which confused Cloudflare’s proxy servers and caused them to spit out data belonging to other people, even if it was protected by HTTPS.
As a Cloudflare customer, we have taken the necessary steps to protect our site, www.pagerduty.com. If you are a Cloudflare customer, we also recommend you take the same precautions: change your password and use two-factor authentication.
We will continue to monitor the situation and provide relevant updates as needed. If you have any concerns, please reach out to our team at support@pagerduty.com.