What is Cloudbleed and Why Should You Care?
A company called Cloudflare provides web security and performance boosts to millions of websites including Fitbit, OkCupid, Uber, and Yelp and millions of others. Recently, it was discovered that Cloudflare has been leaking user data on to the Web from September 22 2016 until February 18, 2017. The leak was discovered by Google researchers and reported to Cloudflare on February 18. Cloudflare detailed the problem in a public announcement on Thursday, February 21, 2017.
Between September 22, 2016 to February 18, 2017, sites using Cloudflare services, leaked session tokens, passwords, private messages, API keys, and other sensitive data randomly. That data was also cached (stored) by search engines, and may have been intercepted by hackers and other miscreants. Whatever information was intercepted by criminals would likely be sold or posted online.
This entire episode is referred to as Cloudbleed.
Many sites you probably use often were NOT affected.
Sites NOT affected are:
Some of the larger sites that WERE affected by Cloudbleed are:
You can get a complete list of sites that were affected by Cloudbleed from this page.
If you a log-in account on any of the affected sites, it would be a good idea to change your password for those sites. According to Cloudflare, about 1 out of every 3.3 million requests exposed user data. While 1 out of 3.3 million does not sound like a lot, in web traffic terms it is quite significant.
And, just so you know, Cloudeight is NOT affected by Cloudbleed.
We are posting this information to keep you informed and not to alarm you. Keep in mind that as a general rule, it’s a good idea to change your passwords every 3 to 6 months anyway. So if you do have accounts with any of the affected sites, now would be a great time to change your passwords.
Cloudie’s Birthday “Pay What You Like” Sale is going on now!
You pick the price; you get a great deal – and help Cloudeight too!