We've had people ask us about the Cloudflare leak
reported a few days ago. We are Cloudflare customers, and it is possible that login cookies or passwords may have been exposed as part of the incident. We believe the risk to you is relatively low -- it was a small percentage of Cloudflare's requests that were involved over a relatively short period of time, and we haven't found any evidence that anything from us was among them. This is not an absolute guarantee that none of your accounts were affected, but we don't think the likelihood is very high.
Because we believe the risk to be low, we aren't automatically expiring everyone's session cookies and requiring you to log back in and change your password -- whenever we do that, it does lock some people who they can't remember their passwords and no longer have access to their confirmed email addresses out of their accounts, and we believe that will affect more people in this case.
Still, it's always a good idea to change your passwords regularly, and now would be a good time to do it, especially if you want peace of mind. We have a FAQ on how to change your password
. If your browser logs you in automatically and you don't remember your password, you can reset it
. If you've forgotten your password and no longer have access to your most recent confirmed email address, you can have the password reset email sent to any email address you've confirmed on your account by entering both your username and your old email address at the Lost Info
Unfortunately, if you've forgotten your password and no longer have access to any email address you've confirmed on your account, you probably won't be able to reset your password. In some cases
, if you've previously paid for your account, we can validate your payment details to confirm your identity and reset your password. If you can't reset your password, but think you may have paid for your account in the past, you can open a support request
in the Account Payments category and I'll check into it for you.
LiveJournal has temporarily blocked
about 2/3rds of
our webservers from contacting their site, presumably because they feel that we're requesting data from them too often. This affects the ability to import your journal, the ability to crosspost entries from your Dreamwidth account to your LiveJournal account, and whether syndicated feeds of accounts on LiveJournal will update on Dreamwidth. Those features will fail when they're unable to contact LJ because of the block.
It isn't every one of our webservers, so things will work intermittently -- if you crosspost two entries one right after the other, one might succeed while the other fails.
Unfortunately, there isn't much we can do to resolve this other than contacting them and asking them to unblock us (which I'll be doing right after I hit 'post' on this entry).
EDIT 2249 EST 25 Feb: We appear to be down to zero unblocked webservers, so imports, crossposts, and feeds will all fail until LJ unblocks us.
EDIT 26 Feb noon EST: LJ unblocked and whitelisted us this morning, so all is working again!