Cloudflare hacked; 3 million real IP addresses database leaked in darknet

A team of penetration testing services experts from the National Cybersecurity Coordination Center, part of Ukraine’s National Security Council, confirmed that data from more than 3 million websites using Cloudflare services are on display in dark web hacking forums.

It is worth mentioning that Cloudflare provides network services to hide the actual IP address of a website, a method for protecting against some variants of cyberattack, such as denial of service (DoS), among others.

The published list contains the actual IP addresses of the compromised websites, which poses a high security risk to the company’s customers. This attack involves private companies and government organizations, including 45 domain registrations “.gov.ua”, plus 6,000 addresses with a critical infrastructure-related domain,” penetration testing services experts mentioned.

Researchers analyzed information about compromised websites, concluding that many of the records exposed are outdated. However, a considerable part of the information presented remains relevant to the companies involved. Exposed website administrators have already been notified, so they will need to implement the required measures to prevent potential attacks while Cloudflare continues to investigate the incident.

The main recommendation for those affected is to reset all IP addresses associated with their online resources, in addition to enabling as many cyber-attacks monitoring mechanisms as possible.

This incident occurred in a complex context, as penetration testing services experts have just reported the detection of a new DoS attack method in Ukraine, used to collapse the networks of telecommunications service companies.  

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.