“Cloudbleed”: addressing your questions

We have been receiving a number of questions related to the so-called “Cloudbleed” issue, and we’d like to clarify these matters.

Safety first

We have no confirmation that any data was leaked from Vivaldi.net. However, we feel it is important for us to take certain measures to be on the safe side.

Dates

The dates during which Vivaldi.net was affected are September 21 – November 4, 2016. The first date when the leak could potentially have occurred was identified through CloudFlare as September 21.
On November 4, we have made some changes in our infrastructure, and after that date, the logins did not go through CloudFlare services.

Some notes from the CloudFlare blog post: blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug

  • The earliest date memory could have leaked is September 22, 2016.
    According to CloudFlare, this is when they turned on Automatic HTTPS Rewrites
  • The biggest impact of this issue has taken place from February 13 and February 18, 2017.
    This is the time where most of the leaks occurred, and already at this time Vivaldi.net was not serving logins through CloudFlare services.

Users Passwords

It is important to note that not all users passwords were reset, only those that had a possibility of being affected.
Users who were logged in the affected period from September 21 to November 4 had their passwords reset.

If you can’t reset your password with Password Recovery

Please drop us a line here vivaldi.com/contact (choose General in the dropdown) with your username and registered email address.
If you don’t have access to your recovery email, please give us a valid email address where we can contact you.

comments