Cloudflare has revealed a “very bad bug” in its code, called Cloudbleed, which may have leaked private information on various sites. Users should change their passwords as a first step to protect their accounts from being compromised.
The Cloudbleed Bug
The content delivery network Cloudflare announced that a bug has caused a leak of sensitive customer data to the millions of websites it provides its services for. The bug, called Cloudbleed, allows data from sites using Cloudflare's programs to be leaked into websites with poorly constructed HTML.
In some instances, random information from any of Cloudflare’s six million customers (like FitBit, Uber, and OKCupid) is inserted into the code of smaller websites. As a result, details of a user’s Uber ride, or possibly even their passwords, may make their way to a random site.
Of course, the data will not appear in black and white to be easily read. Moreover, it mostly did not get exposed on high-traffic sites. Still, Matthew Prince, Cloudflare CEO, told WIRED that they “don’t like screwing up” and “it hurts.”
Prince says it is “obviously very serious for us” and “very serious for our customers.” That is why the company is not downplaying the “severity” of the “very bad bug.”
Google vulnerability researcher Tavis Ormandy was the first to discover the flaw in the company’s content distribution. The bug’s biggest impact reportedly happened from February 13 until February 18, but data could have been leaked since September of last year.
Fortunately, Cloudflare was quick to address the bug after figuring out the flaw. It has also worked with Google and various search engines to weed out caches and exposed data.
A Must: Change Password
While Cloudflare is doing all it can to mitigate the issue, doing our part in securing our accounts is important too. Ryan Lackey, a security researcher and former employee of Cloudflare, suggests changing every password of every account.
Yes, it could be quite a hassle. However, taking standard security hygiene measures is highly recommended even though the odds of any given data having been exposed by the bug are very low.
So update your password, and take a step further by enabling two-factor authentication for more ironclad privacy protection. This authentication, which is available in some services, requires more information (like a security code sent to your smartphone) to log in. Even though you might not be directly exposed to the Cloudbleed bug, the reach of the flaw is warning enough to be more cautious than ever.