March 02, 2017
Last Thursday Cloudflare disclosed on a bug in Cloudflare’s parser that caused data flowing through Cloudflare’s network to be leaked onto the Internet. The bug has been dubbed Cloudbleed, and has received extensive coverage. As a Cloudflare customer, Lucent Sky’s security team sprang into action to evaluate Cloudbleed’s impact on Lucent Sky services and customers’ data. After investigation, we were able to confirm that no cloud-based Lucent Sky AVM servers were impacted by Cloudbleed, while no sensitive data on lucentsky.com websites were leaked.
Two Lucent Sky domains utilize Cloudflare, lucentsky.com, which hosts our website and support site, and lucentskyavm.com, which hosts servers for cloud-based Lucent Sky AVM servers, including Lucent Sky AVM On-Demand. The time period of which websites using Cloudflare were impacted by Cloudbleed is from September 22, 2016 to February 18, 2017.
Websites under the lucentsky.com domain use various Cloudflare features to enhance performance and security. As a result of Cloudbleed, there is a small possibility that data transmitted on lucentsky.com websites was leaked. According to Cloudflare’s own investigation, the number of leaks on lucentsky.com websites during the impacted period is smaller than 1. Additionally, we were able to confirm from our server logs that no data transmitted on lucentsky.com websites during the impacted period contains sensitive information such as passwords and credit card numbers.
For cloud-based Lucent Sky AVM servers under the lucentskyavm.com domain, Cloudflare is used to provide DNS service. As a result, traffic to cloud-based Lucent Sky AVM servers never flew through Cloudflare’s infrastructure and is not affected by Cloudbleed.
In addition to the two domains mentioned above, Lucent Sky also uses 3rd-party services to provide service to customers, such as Lucent Sky Support. We have confirmed that none of these services was impacted by Cloudbleed.
To learn more about Cloudbleed, we encourage you to visit Cloudflare’s blog post regarding this matter. If you have further question regarding the details of our investigation, or how Lucent Sky is protecting your security, contact Lucent Sky support and one of our support engineers will be happy to answer your questions.