On 23 February 2017, the cloud security company Cloudflare announced that a bug in its services had led to the loss of personal data.
Was the SCL affected?
Along with a huge number of other sites, the Society for Computers and Law used Cloudflare’s affected services during the period that the bug existed.
As a result of the nature of this bug, and particularly because the bug affected approximately just 0.00003% of Cloudflare’s traffic, the chance that any SCL traffic was leaked is very low. Cloudflare has confirmed to SCL that it has not found evidence of data from SCL.org “in third party caches”.
Importantly, thanks to the SCL’s security model:
- no payment card details will have been affected, as our payment processors rely on a separate, direct, connection that does not pass through Cloudflare; and
- e-mails to and from SCL are unaffected.
Do I need to do anything?
Changing your SCL account password cannot hurt but, as this controls only your access to the site and ability to post comments, and does not in itself enable payments to be taken from you, the risk seems to be low.
If you wish to do so, you can change your password by logging in and using the ‘Account’ button in the top right.
We recommend that you use a password that is unique to SCL.org. If you have reused your current SCL password on other websites or services, we recommend that you change your password on those websites or services too.