User may still be at risk from the CloudBleed exploit


Cloudbleed is the latest internet bug that puts users private information in jeopardy. The bug was fixed by the Cloudflare team on February 20, 2017 at 21:59UTC.

As a security best practice, we recommend that all users change their IAM user console access passwords after any sort of security event. Changing passwords limits how long a compromised password is useful to an attacker (or how long they potentially have access to your account).

You can read more about Cloudflare’s response to and description of the bug on their blog, or CNET’s high level overview.

Suggested Action

Users should be asked to change their passwords if they haven’t done so since February 22, 2017.

Tags: iam