Cloudflare it has been recently claimed has suffered a large security breach, and a number of major sites were affected such as Uber, Fitbit, OkCupid, etc. and we too. We use Cloudflare ironically as a security layer. Now some have started to spread nasty rumours about our point of sale site because some people like to do that about us a lot. Let me explain why I really doubt anyone needs to worry about us.
1) With this data breach, it is not yet clear that any hack ever happened. What we know is that it might have happened. It is very theoretical at the moment. It is a maybe hack. Say you left your security code for the shop on a sheet of paper at work. Did anyone read it, did anyone write them down, did anyone know about it and did anyone realise its significance? This is the situation with this hack.
2) Cloudflare was only an extra layer for extra protection, not our primary defence. Even if the Cloudflare layer was broken, a hacker would not get into anything. An example above might say that a person above now has your security codes for the shop, they still need a key to get in. At no stage did we give the key. Unlike many others, as recent events have shown who just use standard software, so get frequently hacked we are very careful about security here so we have never had a hack, touch wood!
3) Cloudflare is now contacting sites that they believe are affected by this possible hack, and we have not been contacted, suggesting that they think we are probably not affected.
4) We have only used cloudflare for a very short time, for much of the period in question with this data breach our website was not using cloudflare.
However, just in case, every user on our site has received from me an email about the situation, and we are now enforcing a forced password reset campaign so any user who wants to continue using our site as before must reset their passwords
Anyone wants to talk about it more, anyone wants to discuss further, I am more than happy to do so.
