Cloudbleed - first major privacy compromise of 2017
The first big privacy compromise of the year appears to have arrived with popular website content distribution network provider Cloudflare apparently having been compromised.
Cloudflare offers CDN and denial of service attack protection to over five million websites around the world and late last week announced that a bug had caused it to randomly leak potentially sensitive customer data. The bug has been fixed, however customers are advised to change their passwords.
According to Wired magazine, "Cloudbleed" as the bug is known, enables Cloudflare's platform to randomly insert data from any of its customers onto the website of a smaller subset of customers.
Leaked data includes sensitive cookies, login credentials, API keys, and other tokens, including some of Cloudflare's own internal cryptography keys.
Cloudflare CEO Matthew Prince says the company has identified 150 of its customers whose data was impacted in some way.
"We don't like screwing up. It hurts. I don't want to downplay the severity of this. It was a very bad bug," Prince told Wired magazine.
Users can check to see if their details have been compromised by installing the browser extension described here.
You must be logged in in order to post comments. Log In