Important security announcement regarding the ‘Cloudbleed’ vulnerability.

Last night Google’s security team published details about a security bug in a leading cloud services provider, Cloudflare.

Cloudflare sits between web sites and users to optimize content delivery and provide protection from hackers and DDoS attacks. Cloudflare is used by over 4 million websites, including

While the practical risk to our users is considered extremely low (1 in every 3.3 million web requests potentially leaked memory from their system), we want to make sure you are aware that there was the potential for your passwords and session tokens to be leaked if you used cronometer while the vulnerability was active (September 22nd, 2016 — February 18th 2017).

As a precaution, we will be invalidating all session tokens generated during this window, which will result in many people getting logged out of the app. It is also advisable to change your password, as well as for any other sites you may have accounts with that were using Cloudflare (Fitbit, Uber, OkCupid, Yelp, and many more).

For more general information on the issue, this TechCrunch article has a good summary.

Again, to be clear, we believe there is practically little to no risk to our customers, and there’s no evidence any of our customers’ sessions were compromised,  but we are taking all necessary precautions. If you have any questions or concerns, please contact our support team at

Share this post.

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest

Recipe Round Up: Muffins

Muffin compares to a recipe round up for… Brussel sprouts.Nah, just kidding! This week we are featuring muffins in all their glory; moist, pre-proportioned, delicious.

Read More »