Trusting Refund Retriever to audit your UPS and FedEx accounts for billing mistakes means you are trusting us to keep your information safe and secure. This is a responsibility we take very seriously.
Recently, a major security concern on the Internet was discovered, nicknamed “Cloudbleed”. This issue affected sites running on CloudFlare, a service that provides infrastructure, performance optimization, and security services to many sites on the Internet. Please note that Refund Retriever does not use CloudFlare for any of our shipping auditing services or for your customer dashboard. This means that we are not directly impacted by Cloudbleed, but our technology experts monitor and proactively evaluate how all security outbreaks affect us and our customers.
You can read additional technical details about Cloudbleed from the group at Google that discovered the bug as well as CloudFlare’s response. However, to briefly summarize, a misconfiguration on CloudFlare’s end was causing it to leak details from some web requests it was responsible for handling. This means that anything you may have sent to an affected site, such as usernames and passwords, could be exposed (for instance, in various search engine caches). This leaking is known to have occurred from September 2016 to February 2017.
What does this mean for you? If you logged into any of the affected sites (which includes sites like Uber and Yelp), you should consider that information compromised, and should change your passwords on those affected sites immediately. (You can find a list of potentially impacted sites.) CloudFlare has indicated that they know of any malicious attacks resulting from this security bug, but you should always exercise extreme caution on the Internet and changing passwords would be your best course of action. (As well as exercising other security practices, such as using two-factor authentication on sites that offer it)
Again, your Refund Retriever information is safe and secure. However, if your Refund Retriever password is the same as you use anywhere else, we recommend you change your password immediately as well. It is always best to never repeat passwords between websites, use complicated, hard to guess passwords, and use a password manager (like 1Password or LastPass) to enforce these safe habits.
If you have any questions with regard to Cloudbleed or the security of the information that you entrust Refund Retriever with, please do not hesitate to reach out to firstname.lastname@example.org or contact us via your customer dashboard at https://client.refundretriever.com.