CloudFlare is a legitimate service that specializes in protecting websites from various types of online attacks. WAF, DDoS protection and SSL stand like three guardians against many potential threats. In addition to strong security measures, CloudFlare also runs a feature to enhance websites with its global CDN and web optimization elements. However, even quite powerful and reliable services at times face situations that are unenviable. This time, CloudFlare has been involved in a major security breach. Now, millions of loyal customers are realizing that their credentials and other confidential information has been reveled and cached by search engines. This is not the first time that questionable publicity has been directed to this facility: a dark mark for it is that brutal group called ISIS were actual customers of CloudFlare.
CloudFlare admits that the data breached occurred and explains that this happened because of some essential vulnerabilities in their software. For this reason, thousands of users are now facing major detriments as their various confidential data might have been reachable by hackers. According to the authorities from CloudFlare, the detected flaw had been around for a long time, but only after the developers of CloudFlare decided to modify their software the flaw became functional. After the changes were concluded, the vulnerability started to leak personal information.
CloudFlare also insists that actual hackers did not manage to exploit this bug, but it is complicated to distinguish whether this is really true. Once again, Project Zero by Google was the one to first discover the unintentional bug. As it turned out, the flaw exposed various information about CloudFlare clients: cookies, encryption keys, private messages, IP addresses, passwords and HTTPS requests. Since CloudFlare is utilized by millions of famous companies, data from some of them was also exposed in the breach. If you have an account in Coinbase, Digital Ocean, Znedesk, OK Cupid, Namecheap, Yelp, Uber, Pastebin, Feedly, National Review, 4 Chan or in many others, we advise you to change your passwords.
CloudFlare predicts that the data leakage first began in autumn of 2016, meaning that users were jeopardized for quite some time. In our opinion, CloudFlare should pay more attention to its security and reassure that such accidents would not take place again. We are glad that no malicious activity was detected that would have showed signs of attempts to exploit this curious bug. If information about CloudFlare users get compromised, service promises to be aware of it and inform victims without any delay. It is good that SSL keys appeared to have been left untouched, but there is a chance that private key, exploited for successful connections between mechanisms, might have been jeopardized.
Source: extremetech.com.
Read "CloudFlare underwent a huge data leakage: clients should change their passwords" in other languages
- CloudFlare ha pasado por una increÃble filtración de datos: los clientes deberÃan cambiar sus contraseñas (es)
- CloudFlare passou por uma enorme fuga de dados: os clientes devem alterar as suas palavras-chave (pt)
- CloudFlare ha subito un enorme furto di dati: i clienti dovrebbero cambiare le loro password (it)
