Thankfully, Cloudflare was quick to respond and to fix the issue. On top of that, the company was completely open and apologetic about how this happened. There was no hiding the ball at all. In fact, Cloudflare’s CEO Matthew Prince noted to me that this kind of thing might be worth writing about, given that it was a different kind of attack (though one he admitted the company never should have fallen for).

So how did this happen? According to Cloudflare, their trust & safety team were trying to go through a backlog of phishing reports and bulk processed them without realizing there was a bogus one (for Techdirt!) in the middle.

The inherent concerns of their pure scale aside, I love how they consistently respond to any issues transparently.

TechDirt is a larger, well-known site.

I’ve had similar things happen to my much less popular site and it took a long time to get it resolved (this wasn’t with Cloudflare, though).

I’m curious what the process would look like for a small startup or something.