Security Alert – Cloudbleed

By | February 27, 2017

 

Cloudbleed is a major vulnerability that potentially affects millions of websites served by Cloudflare, a security and performance service. A bug in Cloudflare’s code caused an indeterminate amount of data (including encryption keys, chat logs, cookies, and passwords) to be leaked onto the open web and cached by search engines like Google.

For you geeks out there, Cloudbleed is especially interesting because a single character in Cloudflare’s code led to the vulnerability. Based on what’s been reported, it appears that Cloudbleed works a bit like Heartbleed in how it leaks information during certain processes. The scale of Cloudbleed also looks like it could impact as many users as Heartbleed, as it affects a common security service used by many websites.
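To make the single-character point concrete, here is a simplified C model of how one comparison operator can turn a parser into a memory leak. It is an added example, not Cloudflare's code, and it assumes the detail from Cloudflare's public incident report that the end-of-buffer test used `==` where `>=` was needed. The arena contents and the `leaked_bytes` function are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory layout: an 8-byte "page" followed directly by
   unrelated data that happens to sit next to it in the same arena. */
#define PAGE_LEN  8
#define ARENA_LEN 24
static const char ARENA[ARENA_LEN + 1] = "<a href=" "SECRET-COOKIE-01";

/* Scan ARENA[0..page_len) and return how many bytes beyond the page
   were read; those bytes are copied to `leak` (up to `cap`).
   use_ge = 0: end test is `p == pe` (the flawed form)
   use_ge = 1: end test is `p >= pe` (the one-character fix)
   The loop is bounded by the arena so the demo itself stays in bounds. */
static size_t leaked_bytes(size_t page_len, int use_ge, char *leak, size_t cap)
{
    const char *p = ARENA, *pe = ARENA + page_len;
    const char *arena_end = ARENA + ARENA_LEN;
    size_t n = 0;

    while (p < arena_end) {
        if (p >= pe) {                 /* reading past the logical end */
            if (n < cap) leak[n] = *p;
            n++;
        }
        if (*p == '=')                 /* attribute: also skip the byte after '=' */
            p++;
        p++;
        if (use_ge ? (p >= pe) : (p == pe))
            break;                     /* end of input detected */
    }
    return n;
}

int main(void)
{
    char leak[ARENA_LEN + 1] = {0};
    size_t n = leaked_bytes(PAGE_LEN, 0, leak, ARENA_LEN);
    printf("p == pe: %zu bytes past the end: \"%s\"\n", n, leak);
    n = leaked_bytes(PAGE_LEN, 1, leak, ARENA_LEN);
    printf("p >= pe: %zu bytes past the end\n", n);
    return 0;
}
```

With a 7-byte page both forms of the check stop correctly, which is why a bug like this can sit unnoticed until an input happens to end at the wrong spot.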

Cloudflare’s customers include massive websites like Uber, OKCupid, and Fitbit.