1. Computing

Here’s a list of sites and services affected by Cloudbleed, and what to do next

By

russian hackers
Last week, we found out about Cloudbleed, a major leak of user data affecting sites and services that use infrastructure provided by Cloudflare. It’s still too early to determine the scale of the problem — but it’s an ideal time to respond if you’re looking to avoid the fallout.

Cloudbleed refers to a memory leak that caused user data from apps and websites that use Cloudflare’s services to be splashed across the internet, and is being compared to the Heartbleed bug that reared its head in 2014. Unfortunately, it’s thought that some of the data leaked as a result of Cloudbleed may have been cached by search engines, meaning that malicious entities could have intercepted it, according to a report from Gizmodo.

Cloudflare has such an enormous list of clients that it’s difficult to list every single site and service that could be affected — although an effort to do just that is in progress on GitHub. Here’s a list of some of more commonly used domains that could have had user data leaked (although there’s no confirmation that they’ve been compromised as of yet):

  • uber.com
  • yelp.com
  • medium.com
  • 4chan.com
  • bitcoin.de
  • fitbit.com
  • authy.com
  • tfl.gov.uk
  • okcupid.com
  • discordapp.com
  • feedly.com
  • thepiratebay.org
  • pastebin.com
  • change.org
  • puu.sh

The above is by no means a definitive list, as millions of domains could potentially be at risk. However, it should demonstrate the variety of services that could be affected.

To check whether any sites or apps you use are at risk, you can scour the full list on GitHub, or use the Does it use Cloudflare? web tool. However, most internet users are likely to hold an account on at least one affected site, so password refreshes are recommended for all.

Changing out every password you are currently using may seem extreme, but the stakes are high. If your user data has been leaked, and you use the same password for multiple sites, it might be possible for a stranger to gain access to all kinds of services on your behalf.

As such, it’s well worth doing a sweep now, and changing up your passwords to ensure that you’re kept safe. The inconvenience of spending a hour or two completing the task is a small price to pay for peace of mind.

This might also be a good time to improve your online security across the board. If you’re not already using a password manager and two-factor authentication to keep your accounts safe, there’s no better time to implement these services.

Above all else, vigilance is key. This is an evolving situation, since the problem was only made public a matter of days ago, and there are so many domains that could be affected. Keep a close eye on important accounts, and if you notice anything suspicious, make sure to follow up.

Editors' Recommendations

Best identity theft protection of 2020

How to use iCloud for backups on your iPhone, iPad, or Mac

how to use icloud

How to root Android phones and tablets (and unroot them)

galaxy s9 Plus hands-on review front full

A beginner’s guide to Tor: How to navigate the underground internet

tor project new onion service security dark web private browsing

We tested the IdeaPad Slim 7 with Intel and AMD CPUs, and found a clear winner

Lenovo IdeaPad S940 review

The best iPad keyboards for 2020

iPad Pro (2018) review

Black Friday arrives early with flash sale on HP Chromebook 11.6 at Best Buy

These are the best cheap MacBook deals for October 2020

Get back to basics: How to disable the Touch Bar on MacBook Pro

These are the best cheap Dell XPS deals for October 2020

These are the best cheap wireless router deals for October 2020

Netgear Nighthawk AC2600 router-top

How to pin a website to the taskbar

dell xps 15 2 in 1 review version 1522861390 front display

The best internet speed tests

internet speed tests

Here’s how to clean out your bloated hard drive in Windows 10

How to install fonts in Windows 10