Skip to main content
  1. Home
  2. Web
  3. News

‘Cloudbleed’ bug may have leaked your personal data all over the internet

By

Another day, another data leak — though this one might turn out to be a little more monstrous than the rest. Internet infrastructure company Cloudflare has admitted that a bug in its system caused user information to randomly leak across the internet — information that includes cookies, login information, API keys, and more.

The bug, which has been dubbed “Cloudbleed,” was actually first discovered by Travis Ormandy, a Google Project Zero vulnerability researcher, on February 17. It was revealed, however, that the data breach may have begun as far back as September 22. In some instances, the Cloudflare platform randomly injected user data from any of the company’s 6 million customers — which include the likes of Fitbit and Uber.

Recommended Videos

According to Cloudflare, most of the information wasn’t leaked on high-traffic websites, and even the information that was leaked to high-traffic websites was hard to find. Still, as the service was leaking information all over the web, that information was being recorded in the caches of search engines like Google, making it easier for those with potentially malicious intent to find it and use it.

Related

Thankfully, it seems as though Cloudflare has acted quickly in an attempt to remedy the situation. A preliminary fix was pushed less than an hour after it learned of the issue, and it was permanently patched in under seven hours — exactly the type of response that would be expected from a large internet company like Cloudflare. In the cleanup, the company says that 3,000 customers in total were triggering the bug while it was active.

“The industry standard time allowed to deploy a fix for a bug like this is usually three months; we were completely finished globally in under seven hours with an initial mitigation in 47 minutes,” said the company in a blog post.

While cleanup was quick, it’s recommended that to mitigate risk you should change your passwords. Yep, all of them — although pay special attention to things like online banking and other highly sensitive services. The Cloudbleed bug could have exposed anything, and unfortunately you may not know that your information was leaked until it’s too late.

Topics
Christian de Looper
Christian de Looper
Christian de Looper is a long-time freelance writer who has covered every facet of the consumer tech and electric vehicle…

Editors’ Recommendations

Personal data of 69 million Neopets users is now up for sale after a data breach
Person typing on a computer keyboard.

Neopets, an aged website that lets users keep virtual pets and take care of them, just suffered a major data breach. Aside from the personal data of over 69 million users, the hacker was able to obtain the website's source code.

This isn't the first time Neopets has faced a massive leak, but this time around, user data is currently being sold for crypto -- and the leak includes more than just usernames and passwords.

Read more
Hackers just stole personal data from millions of Acer customers
acer swift 3 13 2019 review acerswift3132019

Acer has just confirmed that its servers were beached by a group of hackers called Desorden. The hackers managed to steal over 60 gigabytes worth of data containing sensitive information about millions of Acer's customers.

The compromised information includes the names, addresses, and phone numbers of several million clients, but also restricted corporate financial data.

Read more
Razer may have leaked your personal information
15 best things to buy with the amazon gift card you got for christmas razer basilisk gaming mouse 1

Gaming hardware company Razer has suffered a leak that potentially exposed the personal information of more than 100,000 customers who are registered in the Razer system.

The leak looks like it was the result of a faulty Elasticsearch database that exposed customers’ emails, addresses, and phone numbers, but not their passwords, according to Ars Technica.

Read more