New leak exposes a trove of personal passwords and sensitive info
Cloudflare, one of the giants of internet security responsible for keeping the websites we all visit safe, is itself the source of a vulnerability that has the potential to rival the Heartbleed bug of 2014. And to make things worse, we don't even know the full extent of the damage yet.
Let's get this out of the way early: Change your passwords. Start with Uber, OkCupid, Yelp, Fitbit, and Authy. But if you don't use these services, don't get complacent. There's a long list of sites that could be affected, and new ones are bound to be added, so stay vigilant.
The leak, being referred to as "Cloudbleed," is a vulnerability that has divulged everything from passwords to private messages on dating sites, hotel bookings and other personal info. And to make things more terrifying, even sites that don’t use the company's service but have a lot of Cloudflare users could have compromised data on their servers.
Cloudflare officially announced the situation in a blog post on Thursday night, attributing it to an error in coding that resulted in a "buffer overrun" that was "quickly identified." Cloudflare’s software works to store your data securely, but because of this bug, some data was accidentally leaked in a way that was not secure enough. Cloudflare has worked to fix this, but the problem is that search engines like Google often cache a version of the data, so it’s possible that the data is still out there.
A member of Google's Project Zero team, Tavis Ormandy, noticed the suspected security issue with Google's Edge Network to Cloudflare last Friday. However, the leak could reportedly have begun back on Sept. 22, 2016.
As for the information in jeopardy, Ormandy feels you have good reason to fear. "The examples we're finding are so bad ... I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings," he wrote. "We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything."
In his online forum, Ormandy detailed his time spent working with Cloudflare to resolve the issue, and admitted he is unaware what information, if any, was compromised. "I don't know if this issue was noticed and exploited, but I'm sure other crawlers have collected data and that users have saved or cached content and don't realize what they have, etc.," Ormandy wrote.
"I didn't realize how much of the internet was sitting behind a Cloudflare CDN until this incident."