Yes, Cloudflare was hacked

One of the largest security and CDN companies, Cloudflare, reported that it was compromised by someone using stolen credentials to access internal systems, code repositories, AWS, Atlassian Jira and Confluence environments.

cloudflare

The company he says on her blog:

On Thanksgiving Day, November 23, 2023, Cloudflare detected a breach on our Atlassian self-hosted server. Our security team immediately began an investigation, cut off the attacker's access, and on Sunday, November 26th, we brought in CrowdStrike's forensics team to conduct their own independent analysis.

Yesterday, CrowdStrike completed their investigation and we are publishing this post to talk about the details of this incident.

We want to emphasize to our customers that no Cloudflare customer components or systems were affected by this incident. Due to our access controls, firewall rules and the use of hard security keys enforced using our Zero Trust, the hacker's ability to move laterally was limited. No services are involved and no changes were made to our global network systems or configuration.

The goal of the attack, according to Cloudflare, was to gain information about the company's infrastructure, possibly to gain more information that they could use later. The hackers or the hacker had access from November 14 to 17.

According to Cloudflare, more than 5.000 individual production credentials were changed after the incident, nearly 5.000 systems were tested, test and staging systems were physically partitioned, and every machine on Cloudflare's global network was checked, reinstalled, and rebooted.

iGuRu.gr The Best Technology Site in Greecegns

Get the best viral stories straight into your inbox!

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).