You may have recently heard reports about a security bug called “Cloudbleed” impacting sites served by Cloudflare. Envato delivers some websites using services provided by Cloudflare, however Cloudflare have confirmed that none of our websites are directly affected by this security bug.
What is it?
The security bug has caused a very tiny percentage of requests served through Cloudflare to contain information from other unrelated sites. In an even smaller percentage of cases, some of this leaked information included usernames, passwords, and other private information.
If you’d like to learn more about this issue, Cloudflare published a detailed explanation of what the bug is and how it came to be, you can read it on their blog.
How does the bug impact you?
It doesn’t, really.
Even though Envato serves some of our websites, Envato Elements, Envato Tuts+ and Envato Studio through Cloudflare, your data and credentials were not leaked on any Envato websites.
We take security very seriously at Envato, so as a precautionary measure we have done the following:
Expired all current login sessions on all Envato websites that use Cloudflare services.
Despite being extremely confident session data was not exposed by this bug, we took this step to make 100% sure that even if session data was exposed it was no longer valid and could not be used to access your account.
Replaced all credentials that Envato systems use with other service providers that may have also been affected by this bug.
Whilst we are confident no usernames or passwords to Envato websites were leaked through Cloudflare, we cannot make guarantees for users who use the same password across multiple sites. If you are at all unsure we recommend changing your password.
If you would like to change your Envato Elements password, you can do so here. For more information about this process, feel free to visit our help page updating your account details
If you use your Facebook account with Envato Studio, please follow the instructions in this Facebook help post to change your password, otherwise change your Envato Studio password here.
Change your Envato Tuts+ password here.
If you have any questions, please feel free to sing out below.