Cloudflare Warns That Bug Might Have Exposed Private Data

For those unfamiliar with Cloudflare, they are a website that helps to optimize security and performance of millions of websites. Unfortunately it seems that no thanks to a software bug, the service might have accidentally opened themselves up to a data breach in which the company warned that private data such as passwords, cookies, and authentication tokens might have been leaked.

According to a post on Cloudflare’s blog, they say that the breach was brought to their attention by Tavis Ormandy from Google’s Project Zero, and that this issue has been going on for the past few months, so hackers who might have known about the breach have had plenty of time to download all the necessary information.

Cloudflare CTO John Graham-Cumming writes, “The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.”

However despite the fact that there has not been any evidence of malicious exploits, you might want to consider changing your passwords all the same. Some big name services/websites that rely on Cloudflare include Uber, Fitbit, and OKCupid, just to name a few. You can find the unofficial list of websites on Github if you’re interested.

Tyler Lee
Categories: General
Tags: Hack, Security