
Cloudbleed: What Does It Mean and Who’s At Risk?

Experts Exchange

February 24, 2017 — On February 23, Tavis Ormandy, a vulnerability researcher at Google, reported on Twitter that CloudFlare, a company that provides internet security, content delivery, and domain name services to more than 2 million websites, has been leaking massive stores of data since September.

Random cyber adversaries have had access to passwords, private messages, API keys, and other sensitive information from major sites such as FitBit and Uber because the leaked information was being cached by search engines.

“In the early hours this morning, Experts Exchange was notified by CloudFlare that our domain was not found in the caches of exposed data during the Cloudbleed situation,” says Phil Phillips, DevOps Director at Experts Exchange.

Ormandy has laid out the specifics of the leak in detail on Monorail, an issue-tracking site for Chromium-related projects, showing that he originally discovered the leak and reported it on February 19th.

CloudFlare stated in their press release that the greatest period of consumer impact occurred between February 13-18 with close to “1 in every 3,300,000 HTTP requests” resulting in a possible memory leak.

To be sure of your company’s security, check the list of domains affected by this leak. If yours is on the list, begin repair and mitigation immediately. If yours is not on the list, our team of experts advises that each individual in your company still proceed with changing passwords and access codes.

In the days ahead, as companies begin to understand and navigate the level of damage caused by Cloudbleed, Experts Exchange is poised to be the location for handling questions and solutions on the topic. 

For more information on the leak and how to secure your domain moving forward, reach out to our community with questions on processes and best practices; reference protocols established on site during similar past instances, like Heartbleed’s large data leak in 2015; and stay plugged in to provide your expertise in helping other members as they mend and rebuild.

2 Comments

by: David Atkin
I've used Cloudflare for about a year now.  Fortunately none of my sites were subject to the 'Cloudbleed' bug.

You have to admire CloudFlare's transparency with this issue - It's something that they do well.  The actual CloudFlare write-up is far beyond my understanding but from the layman's point of view, it sounds like the response time for the issue and fix was excellent.

Despite the issue I'm happy to continue using their service.

by: Mihai Corbuleac
Very transparent, not like Yahoo's recent security breach.