

Cloudbleed: What Does It Mean and Who’s At Risk?

Experts Exchange
We connect you with people and information to solve problems, inspire learning and influence the future of technology.

February 24, 2017 — On February 23, Tavis Ormandy, a vulnerability researcher at Google, reported on Twitter that CloudFlare, a company that provides internet security, content delivery, and domain name services to more than 2 million websites, has been leaking massive stores of data since September.

Random cyber adversaries have had access to passwords, private messages, API keys, and other sensitive pieces of information from major sites such as FitBit and Uber, because the leaked information was being cached by search engines.

“In the early hours this morning, Experts Exchange was notified by CloudFlare that our domain was not found in the caches of exposed data during the Cloudbleed situation,” says Phil Phillips, DevOps Director at Experts Exchange.

Ormandy has laid out the specifics of the leak in detail on Monorail, an issue tracking site for Chromium-related projects, showing that the leak was originally discovered by him and reported on February 19th.

CloudFlare stated in their press release that the greatest period of consumer impact occurred between February 13-18 with close to “1 in every 3,300,000 HTTP requests” resulting in a possible memory leak.

To be sure of your company’s security, check the list of domains affected by this leak. If yours is on the list, begin repair and mitigation immediately. If yours is not on the list, our team of experts advises that each individual in your company still change passwords and access codes.

In the days ahead, as companies begin to understand and navigate the level of damage caused by Cloudbleed, Experts Exchange is poised to be the location for handling questions and solutions on the topic. 

For more information on the leak and how to secure your domain moving forward, reach out to our community with questions on processes and best practices; reference protocols established on site during similar past instances, like Heartbleed’s large data leak in 2015; and stay plugged in to provide your expertise in helping other members as they mend and rebuild.

Expert Comment

by:David Atkin
I've used Cloudflare for about a year now.  Fortunately none of my sites were subject to the 'Cloudbleed' bug.

You have to admire CloudFlare's transparency with this issue - it's something that they do well.  The actual CloudFlare write-up is far beyond my understanding, but from the layman's point of view, it sounds like the response time for the issue and fix was excellent.

Despite the issue I'm happy to continue using their service.

Expert Comment

by:Mihai Corbuleac
Very transparent, not like Yahoo's recent security breach.
