Cloudflare Leak Exposes Data from Thousands of Sites
An unfortunate error has led to a massive leak of confidential data online. It has prompted calls for users to review their passwords and change the most sensitive ones.
The leak involves Cloudflare, which ironically is a security company. It offers a service by which it acts a little like a gatekeeper for websites, passing on valid requests for data and blocking those designed to cause disruption. In particular, it combats denial-of-service (DoS) attacks that aim to bring a website down by sheer weight of incoming traffic - usually bogus traffic.
As part of Cloudflare's operations, it temporarily saves website user data in a secure location (known as a buffer). The problem was a simple error in coding where what should have been written ">=" (greater than or equal to) was instead written "==" (equal).
That error meant that when the buffer filled up, rather than write over it, Cloudflare's software wrote the remaining data on a different website that wasn't as secure. To make things worse, that website was being cached by Google's search engine, meaning there are now multiple copies of it available online.
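The "==" versus ">=" slip described above, as an added illustration in C (not Cloudflare's code): a constructed parser whose pointer can step past the end of its buffer, so an equality test never fires while a greater-than-or-equal test does. The escape-stripping function, the `memory` layout and the secret string are all assumptions made up for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: the first REQ_LEN bytes are the buffer being parsed;
 * the rest stands in for unrelated data that happens to sit after it. One
 * array keeps the over-read well-defined C while it still crosses the
 * buffer's logical end. */
#define REQ_LEN 12
static const char memory[] = "note=hi%21%2" ";session=CONSTRUCTED-SECRET";

/* Copies buf[0..len) to out, dropping each 3-byte %XX escape.
 * fixed=0 uses the "==" end test, fixed=1 uses ">=".
 * Returns the number of bytes written to out. */
static size_t strip_escapes(const char *buf, size_t len, char *out,
                            size_t outsz, int fixed)
{
    const char *p = buf, *end = buf + len;
    size_t n = 0;

    while (n + 1 < outsz) {
        if (fixed ? (p >= end) : (p == end))
            break;          /* the end-of-buffer test under discussion */
        if (*p == '\0')
            break;          /* demo-only backstop: end of `memory` */
        if (*p == '%')
            p += 3;         /* a truncated "%2" makes p jump over `end` */
        else
            out[n++] = *p++;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char out[64];

    strip_escapes(memory, REQ_LEN, out, sizeof out, 0);
    printf("with ==: %s\n", out);   /* keeps reading past the buffer */
    strip_escapes(memory, REQ_LEN, out, sizeof out, 1);
    printf("with >=: %s\n", out);   /* stops at the buffer's end */
    return 0;
}
```

A stricter parser would also confirm that three bytes remain before skipping an escape, so the pointer never moves past the end in the first place.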
Private Messages Among Leak
Tavis Ormandy, a Google security researcher who discovered the bug, said the leaked data included some information that most certainly should not be publicly available, including passwords, cookies (text files with data about a user and their online activity) and even the content of private messages sent through websites. This may include data that is normally transmitted in encrypted form.
He immediately told Cloudflare, which fixed the problem in 47 minutes. However, the leak appears to have been happening on a significant scale for five days and on a smaller scale as far back as last September.
3,000+ Sites Affected
Exactly what has been exposed is something of a crapshoot. Ormandy says that five days of leaks this month covered data from 3,438 different sites. However, Cloudflare calculates that only one in every 3.3 million page requests led to leaked data. How much of this data was accessed by people with the willingness and ability to abuse it is almost impossible to tell. (Source: cloudflare.com)
Although the chances of any particular individual being affected by the leak are likely very low, security experts say it should be taken as a prompt to review passwords. This could include changing passwords for all sites (or at least the ones with the most sensitive data about the user). Another option to consider is enabling two-factor authentication, an added layer of protection that uses access codes sent to an email address or phone to stop unauthorized login attempts from outside the user's usual devices. (Source: gizmodo.com)
What's Your Opinion?
Are you surprised one mistyped character could cause such trouble? Do you regularly update passwords to minimize the effects of such leaks? Do you find two-factor authentication useful or too much hassle?