Cloudbleed – another critical reason to change your password
A tiny bug in CloudFlare’s code has led to an unknown amount of data being leaked all over the internet. This data includes passwords, personal information, cookies and more. Cloudbleed is a scary bug affecting a lot of people.
So, what is CloudFlare anyways?
CloudFlare is a CDN, or content delivery network. Besides that, they also provide domain name services and internet security. CloudFlare’s services mostly sit between the hosting provider and the user. They provide protection from DDoS, web firewall services, a reverse proxy, DNS and, obviously, a CDN.
The company has a good reputation when it comes to offering its services and that is why the Cloudbleed bug was patched right after it was detected. Tavis Ormandy of Google’s Project Zero identified the vulnerability, and at the time of writing this article, the bug is resolved.
So, what’s the bad news?
The problem with Cloudbleed is that the data was leaking for a long time. It started sometime in September 2016 and it was noticed near the end of February 2017. Now, that is a lot of time for hackers to siphon a large amount of data and post it right on the dark web for sale. That is what generally happens when there are hacks, breaches or data leaks.
If Ormandy is the first person to have noticed this bug, then we’re all lucky, but it’s very unlikely that this is the case. So, before the amount of damage caused can be comprehended, the best thing to do first is to change all your passwords online.
CloudFlare’s services are used by a lot of sites such as Uber, Fitbit, OKCupid and more. There was a very minor error in their code, where a “==” or “is equal to” was written as “>=” or “greater than or equal to”. This made CloudFlare’s software write users’ data elsewhere (such as a completely different website) when the software’s buffer got full.
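The two comparisons named above behave differently once a cursor can advance by more than one byte at a time. The following C sketch is an added example, not CloudFlare’s code: the arena contents, `PAGE_LEN` and `copy_text` are constructed for illustration, with a two-byte `&x` token standing in for whatever makes a parser step twice.

```c
#include <stdio.h>
#include <string.h>

/* Constructed arena: a 3-byte page "hi&" followed in memory by data that
 * belongs to someone else. Both live in one array so the demo stays defined. */
static const char ARENA[] = "hi&" "session=EXAMPLE";
#define PAGE_LEN 3

/* Copy the page to out, dropping two-byte "&x" tokens.
 * use_ge == 0: stop when p == pe.  use_ge != 0: stop when p >= pe. */
static size_t copy_text(const char *buf, size_t len, size_t arena_len,
                        int use_ge, char *out)
{
    const char *p = buf, *pe = buf + len, *limit = buf + arena_len;
    size_t n = 0;

    while (p < limit) {                 /* demo guard: never leave ARENA */
        if (use_ge ? (p >= pe) : (p == pe))
            break;                      /* the end-of-buffer check under test */
        if (*p == '&') {                /* token is two bytes, even if the */
            p += 2;                     /* second byte is past the page end */
            continue;
        }
        out[n++] = *p++;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char out[sizeof ARENA];

    copy_text(ARENA, PAGE_LEN, sizeof ARENA - 1, 0, out);
    printf("p == pe : \"%s\"\n", out);  /* page text plus the neighbour's bytes */
    copy_text(ARENA, PAGE_LEN, sizeof ARENA - 1, 1, out);
    printf("p >= pe : \"%s\"\n", out);  /* page text only */
    return 0;
}
```

With the equality test the cursor jumps from the last page byte to one past `pe`, never equals `pe`, and keeps copying the neighbouring bytes into the output; the greater-than-or-equal test stops it.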
Have you been pwned?
CloudFlare says that a very small amount of data was leaked. However, it is advisable to log out of and back in to all sites and apps on your smartphones. Also, change your passwords if you have not done so recently.