By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    customer experience analytics
    Using Data Analysis to Improve and Verify the Customer Experience and Bad Reviews
    6 Min Read
    data analytics and CRO
    Data Analytics is Crucial for Website CRO
    9 Min Read
    analytics in digital marketing
    The Importance of Analytics in Digital Marketing
    8 Min Read
    benefits of investing in employee data
    6 Ways to Use Data to Improve Employee Productivity
    8 Min Read
    Jira and zendesk usage
    Jira Service Management vs Zendesk: What Are the Differences?
    6 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: Cloudflare admits bug leaked customer data for months
Share
Notification Show More
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > Cloudflare admits bug leaked customer data for months
Security

Cloudflare admits bug leaked customer data for months

CIO Dive
Last updated: 2017/10/15 at 8:52 PM
CIO Dive
3 Min Read
Image
SHARE
  • Dive Brief:

    • Cloudflare announced Thursday that its edge servers leaked sensitive data — including customer passwords, cookies and authentication tokens — for months, according to a company blog post.
    • Cloudflare chief technology officer John Graham-Cumming said the company’s edge servers “were running past the end of a buffer and returning memory that contained private information,” admitting that the flaw “could have allowed anyone who noticed the error to collect a variety of very personal information that is typically encrypted or obscured.”
    • The content delivery network says the leak, which some are referring to as “Cloudbleed,”  may have been active as early as Sept. 22, 2016, though it was at its most severe between Feb. 13 and Feb. 18. During that time, around one in every 3.3 million HTTP requests to Cloudflare sites may have exposed data. The flaw was reported by a security researcher at Google’s Project Zero.

    Dive Insight:

    Well, it’s time to change your passwords. Again. Cloudflare offers services to more than 5 million websites and has large customers like Uber and OkCupid, so a data leak could potentially be devastating.

    Contents
    Dive Brief:Dive Insight:

    Though Cloudflare moved quickly to fix the problem once it was informed about it, that still leaves a period of about five months when leaked private information could have been intercepted real time or cached by search engines.

    Cloudflare personnel say they don’t believe anyone has taken advantage of the leak. Nevertheless, users of the service may want to change their passwords, to ensure accounts are not compromised. Some Cloudflare customers, like Creative Commons and Change.org, are mandating users reset passwords even if they were not directly impacted.

    “Because our donor data did not touch the Cloudflare service, we do not believe it was ever at risk,” wrote Eric Steuer, director of content and community at Creative Commons. “Additionally, Cloudflare has contacted us directly and informed us that we are not among the sites they know of that were affected by the leak. Despite this, out of an abundance of caution, we are requiring all CCID users to reset their passwords.”


    This post originally appeared on our sister publication, CIO Dive. Our mission is to provide busy professionals like you with a bird’s-eye-view of the Information Technology industry in 60 seconds.

CIO Dive October 15, 2017 February 28, 2017
Share This Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

ai can help with nurse burnout
Breakthroughs in AI Are Helping to Prevent Nurse Burnout
Artificial Intelligence Exclusive
AI in marketing
AI Can’t Replace Creativity When Crafting Digital Content
Artificial Intelligence
ai in furniture design
Top 5 AI-Driven Furniture Engineering Design Applications
Artificial Intelligence
data protection regulation
Benefits of Data Management Regulations for Consumers & Businesses
Data Management

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

ai and cybersecurity
Artificial Intelligence

AI Technology is Invaluable for Cybersecurity

16 Min Read
data security for software companies
Security

Supply Chain Tips for Software Companies to Avoid Data Breaches

9 Min Read
sobm for ai-driven cybersecurity
Security

Software Bill of Materials is Crucial for AI-Driven Cybersecurity

9 Min Read
IoT Cybersecurity
Internet of Things

4 Common Misconceptions Surrounding IoT Cybersecurity Compliance

8 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

data-driven web design
5 Great Tips for Using Data Analytics for Website UX
Big Data
giveaway chatbots
How To Get An Award Winning Giveaway Bot
Big Data Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?