Cloudbleed – Serious CloudFlare vulnerability
Posted February 27, 2017 by Simon
What is Cloudbleed?
Cloudbleed is the name given to a serious security vulnerability in the content delivery network (CDN) run by CloudFlare. The bug leaked passwords, cookies, session keys and other sensitive information, and the leaked data surfaced across thousands of websites over a six-month period.
Is Cloudbleed still a security vulnerability?
CloudFlare have fixed the vulnerability, so Cloudbleed is no longer an open security issue. CloudFlare contained the bug in less than an hour and completely fixed the problem within 7 hours. However, the bug is believed to have been affecting websites as far back as September 2016, so we will likely be hearing more about Cloudbleed as other companies check their systems.
How many people are at risk from Cloudbleed?
It’s difficult to put an exact figure on the number of users who have been affected, but the consensus is that it is low. According to CloudFlare, about “1 in every 3,300,000 HTTP requests through Cloudflare” could have resulted in memory leakage; CloudFlare later clarified that this is roughly 0.00003% of requests.
What information was leaked?
Websites secured with an SSL certificate have https at the beginning of their address. CloudFlare sits between users and those websites, securely passing the information users enter on to the sites’ servers.
The problem with Cloudbleed was that some of that secure information was retained when it should not have been and leaked into responses for other websites, and some of the leaked information was then cached by Google and other search engines. The information exposed could have included images, usernames, passwords, server information and protocols.
It’s important to note that so far there is nothing to suggest that any of this information was accessed by hackers.
What do I do now?
We advise that you use this tool to find out if any of the sites you access use CloudFlare. If you have accounts with any of the exposed sites, we recommend that you change your passwords for those sites immediately. If any of the sites offer two-step verification, we also recommend setting this up, as it means that even if your password is compromised, an attacker will still be unable to get into your account.
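For readers who manage many accounts, the check above can be automated. The script below is an added example, not part of the original post or a CloudFlare tool: it flags sites whose HTTP responses carry the headers CloudFlare’s edge adds (the Server value “cloudflare” and the CF-RAY / CF-Cache-Status headers); the hostnames and header sets in SAMPLE_RESPONSES are constructed samples, not real captures.

```python
import urllib.error
import urllib.request
from typing import Dict, List

# Headers CloudFlare's edge adds to proxied responses. "cf-ray" is the
# per-request trace id; "cf-cache-status" appears on cacheable responses.
CLOUDFLARE_HEADERS = ("cf-ray", "cf-cache-status")


def is_behind_cloudflare(headers: Dict[str, str]) -> bool:
    """True when the response headers show the site is proxied by CloudFlare.
    Header names are compared case-insensitively, as HTTP requires."""
    lowered = {name.lower(): value for name, value in headers.items()}
    if lowered.get("server", "").strip().lower() == "cloudflare":
        return True
    return any(name in lowered for name in CLOUDFLARE_HEADERS)


def fetch_headers(host: str, timeout: float = 5.0) -> Dict[str, str]:
    """Live check: HEAD https://<host>/ and return its response headers.
    A 4xx/5xx answer still carries the edge headers, so keep those too."""
    req = urllib.request.Request(f"https://{host}/", method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        return dict(err.headers.items())


def sites_to_rotate(results: Dict[str, Dict[str, str]]) -> List[str]:
    """Given {host: headers}, list the hosts where a password change is due."""
    return sorted(host for host, hdrs in results.items() if is_behind_cloudflare(hdrs))


# Constructed sample responses (hypothetical hosts) so the triage runs offline.
SAMPLE_RESPONSES = {
    "shop.example": {"Server": "cloudflare", "CF-RAY": "0123456789abcdef-LHR",
                     "Content-Type": "text/html"},
    "mail.example": {"Server": "nginx/1.10.3", "Content-Type": "text/html"},
    "forum.example": {"server": "nginx", "cf-cache-status": "DYNAMIC"},
}

if __name__ == "__main__":
    # Replace SAMPLE_RESPONSES with {h: fetch_headers(h) for h in hosts} for a live run.
    for host in sites_to_rotate(SAMPLE_RESPONSES):
        print(f"{host}: behind CloudFlare, change your password there")
```

A site that is not behind CloudFlare today may still have been during the affected period, so treat a negative result as inconclusive rather than as a clean bill of health.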
If you have any concerns or questions about security, then please get in touch.