Cloudbleed Compromise

Tue, 02/28/2017 - 11:02 -- Rachel Cunningham

A massive memory leak, which has been linked to a tiny bug in Cloudflare’s code, may have exposed user data, including passwords, personal information, messages, cookies, and more for thousands of sites. Time to change your passwords; this vulnerability is pretty scary.

Cloudflare may not be a company you are familiar with, but their technology is running on a lot of the websites you are familiar with. Cloudflare describes itself as a “web performance and security company.” Cloudflare’s clients include huge companies like Uber, OKCupid, and FitBit, which means a LARGE amount of sensitive data has been compromised.

What’s really ironic is that numerous companies pay Cloudflare to track down the source of spam. It offers a whole menu of products to websites, including performance-based services like content delivery services, reliability-focused offerings like domain name system (DNS) services, and security services like protection against distributed denial of service (DDoS) attacks. So companies are relying on Cloudflare to help keep their user data safe, and this Cloudbleed information leak did the opposite of that.

This leak was discovered by Tavis Ormandy of Google’s security analyst team Project Zero on February 18th, but it possibly started in September of last year.

Below are some of the more notable sites believed to be at risk:

Use this opportunity to change all your passwords, log out and log back in on all your applications on your computer and phones, and while you’re at it, if it’s possible to use two-factor authentication (2FA) or two-step verification (2SV) with sites you consider important, do so.


