RIT Information Security Advisory: Possible Password Exposure from Cloudflare Memory Leak

Cloudflare, a web services and security company, has announced a massive memory leak that may have exposed user data for thousands of sites. If you have an account on an affected web site, your password may have been exposed.

What should I do to protect myself?

  • If you are using your RIT password at any non-RIT site, change your RIT password immediately.
  • DO NOT use your RIT password for non-RIT sites


Additional recommendations

  • Change your password at other sites affected by the Cloudflare memory leak. High visibility affected sites by the Cloudflare memory leak include yelp.com, glassdoor.com, pastebin.com, fitbit.com, change.org, and uber.com. (A partial list of affected sites may be found at https://github.com/pirate/sites-using-cloudflare)
  • Use a unique password for each site on which you have an account. (Using a password manager such as LastPass will make this easier.)


For More Information


Quick Infosec Tip: How can I use a different password for each site? Visit the RIT Information Security page at https://www.rit.edu/security/content/password to discover how to create a secure password and learn about password safes.