What you need to know about Cloudbleed

What you need to know about Cloudbleed by Bulletproof IT

Internet security company Cloudflare revealed a major flaw in their system. The so-called ‘Cloudbleed’ vulnerability leaked customer information from thousands of websites, according to Cloudflare researchers. Fortunately, there have been no signs of exploitation, but that doesn’t mean you should be complacent. Here’s everything you need to know about Cloudbleed.

What is Cloudbleed?

Although it’s technically similar to Heartbleed, a bug that compromised millions of websites and accounts, Cloudbleed is less severe. Google security researcher Tavis Ormandy discovered that several Cloudflare-hosted websites, including Fitbit, Uber, and OkCupid, were inadvertently leaking customer information and embedding it in the source code of their pages.

For example, when a person visits a bugged Uber page, the website code could contain data and login credentials from another user who recently visited the page. The data may be hidden between several lines of code, but a skilled hacker can easily find it.

Exploiting it, however, is more difficult. The Cloudbleed bug collects random bits of data, which may or may not contain any sensitive information, making it a less attractive point of attack for cybercriminals. Over time, a cybercriminal may be able to compile enough information to exploit, but it doesn’t seem to be a viable option for targeted attacks.

The Response

According to Cloudflare, Cloudbleed was triggered 1,240,000 times and found on 6,400 websites between September 22 and February 18. After the bug was discovered, the internet security company quickly alerted affected websites, fixed the code, removed cached pages from search engines, and monitored client websites for any strange activity.

Cloudflare-hosted websites also checked what data was leaked and reassured customers that there was minimal impact on their private information.

What can you do?

While Cloudflare and other companies are telling everyone that the possibility of Cloudbleed attacks and password leaks is low, you should still ensure your account is safe.


Start by setting stronger passwords with a combination of letters, numbers, and symbols. Make sure to set unique passwords for every online service, especially for any of your accounts that use Cloudflare. Whenever possible, use two-factor verification to keep your account secure even if someone gets a hold of your password.

And, last but not least, contact us for any cybersecurity, cloud, and website issues. We aim to make your internet and cloud experience as safe as possible.

Published with permission from TechAdvisory.org.

March 20, 2017