Do you ship? Get the refunds you deserve!

Sign up, sit back, get paid.

“Cloudbleed”: How It Affects Refund Retriever And You

By February 27, 2017

Trusting Refund Retriever to audit your UPS and FedEx accounts for billing mistakes means you are trusting us to keep your information safe and secure. This is a responsibility we take very seriously.

Refund-Retriever-Security-Guarantee

Recently, a major security concern on the Internet was discovered, nicknamed “Cloudbleed”. This issue affected sites running on CloudFlare, a service that provides infrastructure, performance optimization, and security services to many sites on the Internet. Please note that Refund Retriever does not use CloudFlare for any of our shipping auditing services or for your customer dashboard. This means that we are not directly impacted by Cloudbleed, but our technology experts monitor and proactively evaluate how all security outbreaks affect us and our customers.

 

You can read additional technical details about Cloudbleed from the group at Google that discovered the bug as well as CloudFlare’s response. However, to briefly summarize, a misconfiguration on CloudFlare’s end was causing it to leak details from some web requests it was responsible for handling. This means that anything you may have sent to an affected site, such as usernames and passwords, could be exposed (for instance, in various search engine caches). This leaking is known to have occurred from September 2016 to February 2017.

 

What does this mean for you? If you logged into any of the affected sites (which includes sites like Uber and Yelp), you should consider that information compromised, and should change your passwords on those affected sites immediately. (You can find a list of potentially impacted sites.) CloudFlare has indicated that they know of any malicious attacks resulting from this security bug, but you should always exercise extreme caution on the Internet and changing passwords would be your best course of action. (As well as exercising other security practices, such as using two-factor authentication on sites that offer it)

 

Again, your Refund Retriever information is safe and secure. However, if your Refund Retriever password is the same as you use anywhere else, we recommend you change your password immediately as well. It is always best to never repeat passwords between websites, use complicated, hard to guess passwords, and use a password manager (like 1Password or LastPass) to enforce these safe habits.

 

If you have any questions with regard to Cloudbleed or the security of the information that you entrust Refund Retriever with, please do not hesitate to reach out to billy@refundretriever.com or contact us via your customer dashboard at https://client.refundretriever.com.

 

See also: Our Similar Blog Post On Heartbleed.

Brian Gibbs

Author Brian Gibbs

More posts by Brian Gibbs

Brian Gibbs | President of Refund Retriever

Brian Gibbs founded Refund Retriever in 2006 while running his first eBay based business and seeing the shortcomings of other shipment auditing companies. Refund Retriever's primary focus is FedEx and UPS parcel invoice auditing. After graduating from Texas A&M University in 2001, he then graduated from the University of Houston in 2004 with a JD and MBA. Gibbs has been featured in Forbes, Entrepreneur and other publications discussing parcel auditing, shipping, e-commerce and more. Learn more at www.refundretriever.com or call (800) 441-8085 for more information.

Sign Up Now Contact Us