Cloudflare, a company that provides internet security, reverse proxy, content delivery, and domain name server services for thousands of websites, has suffered a large security breach. Facebook, Google, Amazon, and Twitter do NOT use Cloudflare, but other companies such as Uber, Fitbit, OkCupid, Creative Commons, Medium and 1Password are among Cloudflare’s millions of clients.
What happened? In short, between September 22, 2016 and February 18, 2017, session tokens, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. That data was cached by search engines, and may have been collected by random adversaries over the past few months.
Here's what you'll want to know about the data breach:
- How to secure your data after the Cloudflare leak
- List of Sites possibly affected by Cloudflare's #Cloudbleed Leak (work in progress)
- Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster
- CloudBleedCheck: allows you to check if a domain name is affected by the CloudBleed bug. The database contains 4,287,625 entries of potentially affected domains.
- Quantifying the Impact of "Cloudbleed" (incident breakdown from Cloudflare)
Partial list of Cloudflare customers:
Now is a good time to change any passwords you have with any of the companies involved in the data breach. Some of the companies involved may begin a forced password reset campaign, so you might be getting notices to reset passwords.
If you have more than one or two passwords, password managers greatly improve security because they allow different passwords to be assigned to individual sites without the need to remember them. They also make the login process easy and quick. Check our list of the Best Free Web Form Filler and Password Managers for suggestions.