ALERT! – Cloudflare Discovers Major Bug – ALERT!

Published On March 1, 2017 | By Tom Huskerson | Alerts

Cloudflare, a content delivery and security service, announced that a major bug has been discovered that may have exposed users’ sensitive data on millions of websites. The bug, dubbed ‘Cloudbleed’, was discovered in Cloudflare’s content optimization systems. Exposed data includes passwords, session cookies, authentication tokens and even private messages. The consequences are considered extremely dangerous. Web users are urged to change their passwords on ALL websites immediately!

You may not have heard of Cloudflare, but it is one of the world’s largest Internet security companies. Cloudflare’s technology is running on millions of websites and in Fortune 500 companies. Cloudflare describes itself as a “web performance and security company.”

Cloudflare’s systems modify HTML pages passing through its servers in order to rewrite HTTP links to HTTPS. This process hides certain content from bots, conceals email addresses, enables Accelerated Mobile Pages (AMP) and more. Cloudflare’s clients include huge companies like Uber, OKCupid, FitBit and 1Password. 1Password claims its user data is safe. But with millions of websites using the service, this bug is an extremely serious threat. The result is that massive amounts of sensitive data have potentially been compromised.

The data leak was accidentally discovered on February 18th by Google security engineers. They immediately alerted Cloudflare. The company responded by quickly assembling an incident response team and shutting down the feature causing most of the data leakage within hours. By the 20th a complete fix was in place. The rest of the time, until the incident was publicly revealed, Cloudflare worked with search engines like Yahoo!, Bing and Google to remove the sensitive data from their caches.

According to a blog post from John Graham-Cumming, Cloudflare’s CTO, the leaks could have been going on since September 22. However, the period of greatest impact was between February 13 and February 18, when the email obfuscation feature was being migrated. Cloudflare estimates that around one in every 3.3 million HTTP requests that passed through its system potentially resulted in memory leakage. That equals roughly 0.00003 percent of all requests.

But that does not negate the seriousness of the data leak. Sites that don’t use Cloudflare’s service, but have a lot of Cloudflare users, might have compromised data on their servers. This means the problem has spread all over the Internet. 

In an interview with Gizmodo, Cloudflare CEO and co-founder Matthew Prince said, “This is a big deal for us. This is a really bad bug. This is something that our customers should be very cognizant of and should take very seriously.”

Everyone who uses any website is strongly urged to change their passwords immediately. As in right now!

 
