February 24, 2017 — On February 23, Tavis Ormandy, a vulnerability researcher at Google, reported on Twitter that CloudFlare, a company that provides internet security, content delivery, and domain name services to more than 2 million websites, has been leaking massive stores of data since September.
Because this leaked information was being cached by search engines, random cyber adversaries have had access to passwords, private messages, API keys, and other sensitive pieces of information from major sites such as FitBit and Uber.
“In the early hours this morning, Experts Exchange was notified by CloudFlare that our domain was not found in the caches of exposed data during the Cloudbleed situation,” says Phil Phillips, DevOps Director at Experts Exchange.
Ormandy has laid out the specifics of the leak in detail on Monorail, an issue tracking site for Chromium-related projects, showing that he originally discovered the leak and reported it on February 19th.
CloudFlare stated in their press release that the greatest period of consumer impact occurred between February 13-18, with close to “1 in every 3,300,000 HTTP requests” resulting in a possible memory leak.
To be sure of your company’s security, check out the list of domains affected by this leak. If yours is included on the list, immediately begin repair and mitigation. If yours was not included, our team of experts advises that each individual in your company still proceed with changing passwords and access codes.
In the days ahead, as companies begin to understand and navigate the level of damage caused by Cloudbleed, Experts Exchange is poised to be the location for handling questions and solutions on the topic.
For more information on the leak and how to secure your domain moving forward, reach out to our community with questions on processes and best practices; reference protocols established on site during similar past instances, like Heartbleed’s large data leak in 2015; and stay plugged in to provide your expertise in helping other members as they mend and rebuild.
Comments (2)
Commented:
You have to admire CloudFlare's transparency with this issue - it's something that they do well. The actual CloudFlare write-up is far beyond my understanding, but from the layman's point of view, it sounds like the response time for the issue and fix was excellent.
Despite the issue I'm happy to continue using their service.
Commented: