ITP Sites:   ITP Site|TechBlog|TechHub in schools|NZ CloudCode|All Tech Events|Software Escrow NZ

ITP Techblog

Brought to you by IT Professionals NZ
« Back to Home

Cloudbleed - first major privacy compromise of 2017

Paul Brislen, Editor. 27 February 2017, 7:32 am
Cloudbleed - first major privacy compromise of 2017

The first big privacy compromise of the year appears to have arrived with popular website content distribution network provider Cloudflare apparently having been compromised.

Cloudflare offers CDN and denial of service attack protection to over five million websites around the world and late last week announced that a bug had caused it to randomly leak potentially sensitive customer data. The bug has been fixed, however customers are advised to change their passwords.

According to Wired magazine, "Cloudbleed" as the bug is known, enables Cloudflare's platform to randomly insert data from any of its customers onto the website of a smaller subset of customers.

Leaked data includes sensitive cookies, login credentials, API keys, and other tokens, including some of Cloudflare's own internal cryptography keys.

Cloudflare CEO Matthew Prince says the company has identified 150 of its customers whose data was impacted in some way. 

"We don't like screwing up. It hurts. I don't want to downplay the severity of this. It was a very bad bug," Prince told Wired magazine.

Users can check to see if their details have been compromised by installing the browser extension described here.


You must be logged in in order to post comments. Log In

Web Development by The Logic Studio