Velocity Unaffected by Cloudbleed
At Velocity data security is a top priority.
Over the past 24 hours it has come to light that a major internet DNS provider named CloudFlare had a vulnerability affecting a very small percentage of the domains it serves for quite some time.
Velocity, and all of our customer data remains completely unaffected by this. We have confirmed this with a thorough audit.
At present, it’s not entirely clear how wide the implications of this bug are, but a prolific Google developer named Tavis, who discovered the bug, has been working tirelessly alongside CloudFlare to remove scattered remnants of the leaked data online. That said, he commented about the issue:
“Cloudflare did finally send me a draft. It contains an excellent postmortem, but severely downplays the risk to customers”
Effectively, the bug has been shown to have leaked all types of sensitive information randomly across the internet, including information transmitted securely via SSL. Approximately 1 in every 3.3 million requests handled by CloudFlare (for domains with a small subset of features enabled) leaked sensitive information.
At Velocity, we take all possible measures to keep our customer’s data safe and secure, including but not limited to:
- using military-grade encryption for our data transmissions
- dual-factor authentication & highly secure passwords for access to critical services
- staff training on handling sensitive information
- storing data with encrypted databases using AES 256-bit encryption (the standard adopted by the US government)
We recommend, as a precautionary measure, to change your passwords on other services you use online. It’s difficult to know exactly which services may have been affected by this, but as more information is uncovered certain sites may force password changes anyway.
