New leak exposes a trove of personal passwords and sensitive info
Cloudflare, one of the giants of internet security responsible for keeping the websites we all visit safe, is itself the source of a vulnerability that has the potential to rival the Heartbleed bug of 2014. And to make things worse, we don't even know the full extent of the damage yet.
Let's get this out of the way early: Change your passwords, starting with Uber, OkCupid, Yelp, Fitbit, and Authy. But if you don't use those services, don't get complacent. There's a long list of sites that could be affected, and new ones are bound to be added, so stay vigilant.
The leak, being referred to as "Cloudbleed," is a vulnerability that has divulged everything from passwords to private messages on dating sites, hotel bookings and other personal info. And to make things more terrifying, even sites that don’t use the company's service but have a lot of Cloudflare users could have compromised data on their servers.
Cloudflare officially announced the situation in a blog post on Thursday night, attributing it to an error in coding that resulted in a "buffer overrun" that was "quickly identified." Cloudflare’s software works to store your data securely, but because of this bug, some data was accidentally leaked in a way that was not secure enough. Cloudflare has worked to fix this, but the problem is that search engines like Google often cache a version of the data, and because of this it’s possible that the data is still out there.
A member of Google's Project Zero team, Tavis Ormandy, noticed the suspected security issue with Google's Edge Network to Cloudflare last Friday; however, the leak could reportedly have begun back on Sept. 22, 2016.
As for the information in jeopardy, Ormandy feels you have good reason to fear. "The examples we're finding are so bad ... I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings," he wrote. "We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything."
In his online forum, Ormandy detailed his time spent working with Cloudflare to resolve the issue, and admitted he is unaware what information, if any, was compromised. "I don't know if this issue was noticed and exploited, but I'm sure other crawlers have collected data and that users have saved or cached content and don't realize what they have, etc.," Ormandy wrote.
"I didn't realize how much of the internet was sitting behind a Cloudflare CDN until this incident."