2017-02-24
Statement Regarding Cloudflare
Recent Posts
- Automation Configuration Changes may be Required
- A New Look for Files.com
- Permission Fence - A New Way To Manage Permissions
- New Integrated Editor for Office Documents
- Announcing Snapshot Share Links
- Akamai Linode integration with Files.com
- Cloudflare integration with Files.com
- Files.com's Response to the Security Incident in Competing Software Product MOVEit
- Removal of CBC cipher suites from the default list
- Announcing Boomi Partner Connector
It's been an eventful day here at BrickFTP headquarters. I have one other security-related update to share with you.
Yesterday afternoon, a company called Cloudflare announced a serious security vulnerability involving their systems. If you haven't yet, I encourage you read to the post they wrote about the issue.
Cloudflare is a major provider of Internet cloud services and as much as 10% of all Internet traffic is routed through their network. If you are a customer of any company who uses Cloudflare, you should rightfully be concerned about the safety of your data.
Currently there is a list circulating around the Internet listing all of Cloudflare's customers, and we are starting to get contacted about whether our use of Cloudflare represents a security breach of BrickFTP.
I want to set the record straight.
BrickFTP is a Cloudflare customer, however our use of Cloudflare is limited to our marketing website located at https://brickftp.com/ (i.e. webpages from us with no subdomain visible in the URL).
Our actual BrickFTP application is hosted at app.brickftp.com and separate subdomains for each of our clients. (Such as yourcompany.brickftp.com.) We do not use Cloudflare for any part of the actual BrickFTP application, and you can confirm this by running a DNS lookup of your company subdomain on BrickFTP. No requests whatsoever for the actual BrickFTP application pass through Cloudflare.
Therefore, we can safely state that the Cloudflare breach did not affect any BrickFTP customers.
One minor exception is anyone who signed up for a new Free Trial of BrickFTP during the period of time that the Cloudflare breach occurred. (February 13-18.) For those customers, it's possible that your email address and password was leaked, due to the fact that our initial free trial signup popup window is hosted on our marketing site, which uses Cloudflare. Out of an abundance of caution, we will reach out to users who signed up during those dates and encourage them to change their password or create a new trial account.
If this is the first you are hearing of this incident with Cloudflare, you may want to check with your other vendors to see whether they may have been affected. Like I said above, a lot of companies use Cloudflare. A partial list of affected domains is available here.
Questions? Need help?
Please let us know how we can assist you. We’re here and glad to help. Please contact us by email, chat (in your web interface when logged in), or phone (1-800-286-8372 ext. 2).
Get Instant Access to Files.com
The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.
Start My Free Trial