Internet security company Cloudflare revealed a major flaw in their system. The so-called ‘Cloudbleed’ vulnerability leaked customer information from thousands of websites, according to Cloudflare researchers. Fortunately, there have been no signs of exploitation, but that doesn’t mean you should be complacent. Here’s everything you need to know about Cloudbleed.
What is Cloudbleed?
Although it’s technically similar to Heartbleed, a bug that compromised millions of websites and accounts, Cloudbleed is less severe. Google security researcher Tavis Ormandy discovered that several Cloudflare-hosted websites, including Fitbit, Uber, and OkCupid, were inadvertently leaking customer information and saving it within the page source code.
For example, when a person visits a bugged Uber page, the website code could contain data and login credentials from another user who recently visited the page. The data may be hidden between several lines of code, but a skilled hacker can easily find it.
Exploiting it, however, is more difficult. The Cloudbleed bug collects random bits of data, which may or may not contain any sensitive information, making it a less attractive point of attack for cybercriminals. Over time, a cybercriminal may be able to compile enough information to exploit, but it doesn’t seem to be a viable option for targeted attacks.
The response
According to Cloudflare, Cloudbleed was triggered 1,240,00 times and found in 6,400 websites between September 22 and February 18. After the bug was discovered, the internet security company quickly alerted affected websites, fixed the code, removed cached pages from search engines, and monitored client websites for any strange website activity.
Cloudflare-hosted websites also checked what data was leaked and reassured customers that there was minimal impact on their private information.
What can you do?
While Cloudflare and other companies are telling everyone that the possibility of Cloudbleed attacks and password leaks is low, you should still ensure your account is safe.
Start by setting stronger passwords with a combination of letters, numbers, and symbols. Make sure to set unique passwords for every online service, especially for any of your accounts that use Cloudflare. Whenever possible, use two-factor verification to keep your account secure even if someone gets a hold of your password.
And, last but not least, contact us for any cybersecurity, cloud, and website issues. We aim to make your internet and cloud experience as safe as possible.