Cloudbleed: What the average person must know about Cloudflare’s security crisis

(TECH NEWS) A security breach at a widely used internet security company leaves many accounts vulnerable. If you want your adult site activity and bank passwords made public, ignore this story.


What Exactly Happened?

Over the past 24 hours, you may have seen a series of articles asking if you should be worried about Cloudbleed, a massive new online security bug discovered on February 24. We’ll cut to the chase: Yeah, you probably should be worried.


Cloudbleed rundown

Before we sound the alarms, let’s go over what exactly Cloudbleed is. On Friday, Tavis Ormandy of Google’s Project Zero found a vulnerability in Cloudflare, one of the world’s leading internet security companies.

The bug apparently resulted in Cloudflare-backed websites leaking data for months – as far back as September 2016.

The code has now been fixed, but Cloudflare’s clients include huge companies like Uber, OKCupid, ZenDesk, Bain Capital and FitBit, meaning your sensitive data from any of those companies or a long list of others could have been compromised.

Cloud-what??

The name Cloudbleed was inspired by Heartbleed, the massive 2014 security bug that affected up to 500,000 websites. This time around, only 3,400 websites are believed to have the Cloudbleed bug.


However, many of those sites leaked private data that came from other Cloudflare clients, so the actual number of sites with compromised data could be much higher.

The Cloudbleed bug is no longer active – it was stopped within just 44 minutes of finding out about it and completely solved within 7 hours – but there is no way to get back all the data that may have been leaked.

But I Don’t Use Cloudflare…

Even though the name Cloudflare may not be familiar, chances are a website you frequent uses its service for online security. However, Cloudflare says that during the peak of Cloudbleed about “1 in every 3,300,000 HTTP requests through Cloudflare” potentially resulted in memory leakage, which is about 0.00003% of requests. The leaked data could have included passwords and usernames, private photos or videos, or behind-the-scenes things like server information.

Cleaning up the bleed

Here’s the thing with Cloudbleed – as far as we know, it’s over. You can use this easy search engine to see if services you use rely on Cloudflare and promptly change your passwords, but nothing you can do now will reverse the leaked data.
You should not jump ship on all websites that use Cloudflare for security, and instead should just get more used to changing your passwords regularly.
Using two-step verification when offered is a good idea, too.

For now, the biggest significance of Cloudbleed is that it reminds us that services like Cloudflare do provide stronger, more secure protections than the average company would probably implement on their own, but that convenience also leads to a new series of risks. Maybe this is a massive understatement, but the saying “No use crying over spilled milk” seems especially relevant here. When you spill milk, you clean it up, but there isn’t much more you can do.

Written By

Brian is a staff writer at The American Genius who lives in Brooklyn, New York. He is a graduate of Washington University in St. Louis, and majored in American Culture Studies and Writing. Originally from California, Brian has a podcast, "Revolves Around Me," and enjoys public transportation, bicycles, the beach.

The American Genius is a strong news voice in the entrepreneur and tech world, offering meaningful, concise insight into emerging technologies, the digital economy, best practices, and a shifting business culture. We refuse to publish fluff, and our readers rely on us for inspiring action. Copyright © 2005-2022, The American Genius, LLC.