Cloudbleed is a recently discovered security bug affecting sites using Cloudflare services. Although the impact of this to HTML-Kit website visitors would have been minimal (see below for why), if any, HTML-Kit site is among the millions of sites that use Cloudflare.
What is Cloudbleed? It’s the name of a data leak bug related to Cloudflare services. For details and links, please see this Wikipedia entry.
Who was affected? Websites that use Cloudflare services were potentially affected.
How big is the impact? 4+ million domains use Cloudflare. However, according to the Cloudflare security team, only about 0.00003% of requests going through them would have been affected.
Does the HTML-Kit website use Cloudflare? Yes, HTML-Kit website use Cloudflare as a CDN to speed up response time.
Should I be worried as someone that used the HTML-Kit site? There doesn’t seem to be much cause for alarm for a couple of reasons: HTML-Kit site doesn’t collect or store sensitive data like credit card information. The likelihood of Cloudbleed leaking data, regardless of its nature, was very small.
What’s HTML-Kit site doing to address this? The bug was in the Cloudflare services (not HTML-Kit or any other site that use Cloudflare), and they’ve responded within hours of discovery by patching their servers and working with related sites. All secure certificates used by HTML-Kit domains are being regenerated just to be overly cautious, even though this doesn’t seem to be a concern at this point.
What should I do? If you’d like to be overly cautious as well, you can change the password on the User Assistant page and the support forum.
Feel free to post any concerns you may have.