CloudFlare Reports Breach, UGNazi Takes Credit
The hackers told Softpedia that they want to sell the information they obtained
A few hours ago, CloudFlare issued a statement admitting that hackers managed to gain access to the email accounts of Matthew Prince, the co-founder and CEO of the company.
“This morning a hacker was able to access a customer's account on CloudFlare and change that customer's DNS records. The attack was the result of a compromise of Google's account security procedures that allowed the hacker to eventually access my CloudFlare.com email addresses, which runs on Google Apps,” Prince explained.
He believes that the attackers somehow “convinced” Google’s account recovery process to add an arbitrary recovery email address to his personal Gmail account.
“The password used on my personal Gmail account was 20+ characters long, highly random, and not used by me on any other services so it's unlikely it was dictionary attacked or guessed,” he added.
The most interesting fact, according to Prince, is that his account had been protected with a two-factor authentication system.
After analyzing the incident, Google’s security team has determined that “a subtle flaw in the recovery flow” of certain accounts allowed the hackers to compromise the account.
This is where UGNazi steps in. The hackers claim that Prince and Google are both wrong.
“Nah. There’s no way you can social engineer a Google App. I don’t know what he was talking about. We did get in his emails though: email@example.com and firstname.lastname@example.org,” Cosmo told Softpedia.
“We got into their main server. We could see all customer account information, name, IP address, payment method, paid with, user ID, etc. and had access to reset any account on CloudFlare,” he said.
Furthermore, the hackers plan on selling all the information they obtained on Darkode.
You may be wondering why CloudFlare is a target of the controversial group. We asked, and the response is: "the owner Matthew Prince thinks it’s secure. It’s obviously not, implying we got access into the main CloudFlare server today."