February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter that massive stores of data have been leaked by CloudFlare, a company that provides internet security, content delivery, and domain name services to more than 2 million websites, since September.
Random cyber adversaries have had access to passwords, private messages, API keys, and other sensitive pieces of information from major sites such as FitBit and Uber due to the fact that this leaked information was being cached by search engines.
“In the early hours this morning, Experts Exchange was notified by CloudFlare that our domain was not found in the caches of exposed data during the Cloudbleed situation,” says Phil Phillips, DevOps Director at Experts Exchange.
Specifics of the leak have been laid out in detail by Ormandy on Monorail, an issue tracking site for chromium-related projects, showcasing that the leak was originally discovered by him and reported on February 19th.
CloudFlare stated in their press release that the greatest period of consumer impact occurred between February 13-18 with close to “1 in every 3,300,000 HTTP requests” resulting in a possible memory leak.
To be sure of your company’s security, check out the list of domains affected by this leak. If yours is included on the list, immediately begin repair and mitigation. If yours was not included, our team of experts advises that each individual in your company still proceeds with changing passwords and access codes.
In the days ahead, as companies begin to understand and navigate the level of damage caused by Cloudbleed, Experts Exchange is poised to be the location for handling questions and solutions on the topic.
For more information on the leak and how to secure your domain moving forward, reach out to our community with questions on processes and best practices; reference protocols established on site during similar past instances, like Heartbleed’s large data leak in 2015; and stay plugged in to provide your expertise in helping other members as they mend and rebuild.