Cloudbleed: No User Data Was Shared

You may have heard about the Cloudflare bug, dubbed Cloudbleed, which has potentially affected the security of websites supported by Cloudflare Proxy services. The bug was discovered by Google’s security vulnerability detecting team last Friday and has been described in detail on the Cloudflare blog.

FOCUS Featured Image (Default)

In summary: we’d like to reassure MindMeister and MeisterTask users that no user data has been compromised as a result of the leak.

At MeisterLabs, privacy and security are massively important to us. We would never want to risk our security by streaming private data through a proxy server that’s unknown to us. As a result, we serve all private data directly from our servers, housed in a Tier III certified data centre in Frankfurt, Germany. All data is delivered to your browser through secure SSL encryption.

We’ve also never used Cloudflare for website attack prevention, instead choosing other stringent processes (listed below), none of which have been compromised.

We use Cloudflare CDN simply to increase the speed of our website. Both MindMeister and MeisterTask use Cloudflare DNS and Cloudflare Proxy as a CDN, solely for public static assets like JavaScript, images and style sheets. While the assets are affected by Cloudbleed, no private data has been leaked. The CDN assets are loaded from 12 different domains, full details for which are listed below, if you’re interested*.

You can read more about how we work to ensure your personal data and ideas remain safe, via the following links:

We know these kinds of leaks can be worrying so if you have any questions or comments, please do reach out, either via the comments below or by emailing [email protected]

*And for those of you who are interested in the security nitty gritty, we load the CDN assets for public static assets, with Cloudflare Proxy, from the following hosts:

  • cdn(0-6)
  • cdn(0-6)