CloudFlare HTTP Security Vulnerability
Incident Report for NS1
Earlier today CDN vendor CloudFlare announced a severe security vulnerability within their platform. NS1 utilizes CloudFlare to protect and accelerate ns1.com, the my.nsone.net portal, and our REST API. The vulnerability is detailed here: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

It allowed potentially sensitive data that was stored in memory on CloudFlare servers to leak to the Internet through unrelated HTTP calls and sessions. DNS services were not affected by this disclosure as NS1 only utilizes CloudFlare for HTTP services.

CloudFlare indicates they have not seen any evidence of an active exploit or malicious activity. However, out of an abundance of caution, NS1 is recommending users change their passwords and API keys immediately.

Customers who would like NS1 to force account-wide password or API key resets on their behalf can contact support where we will be able to assist and coordinate with you immediately. We are doing this upon request rather than proactively because doing so would break many of our customers' applications.

As always we encourage clients to follow best practices with respect to security, such as utilizing two factor authentication (https://ns1.com/articles/enabling-2-factor-authentication) and IP whitelisting (https://ns1.com/articles/ip-whitelists) for API keys (and optionally users), as these features offer robust protection against these kinds of exploits.

We will continue to investigate and communicate any additional findings here on our statuspage.
Posted 8 months ago. Feb 24, 2017 - 11:24 EST