Cloudbleed, the first major internet vulnerability of 2017, was announced by cyber security analysts in mid-February. It took less than two weeks for analysts to determine that this particular problem could affect millions of internet users around the world; in terms of potential damage to High Desert companies, business owners who are Cloudflare clients should pay close attention to this ongoing issue.
Project Zero analysts noticed an unusual amount of sensitive information being crawled, cached and indexed by search engine spiders used by Google, Bing, and Yahoo. The compromised data, which includes username/password combinations, images, and server security configurations, came from major internet properties such as Nasdaq, Uber, FitBit, Cisco, and thousands more. The common denominator is that the data leaked from websites hosted by Cloudflare.
According to security experts at Cloudflare, the problem emanated from web sessions using the https protocol that has become a browsing standard ever since former spy agency contractor Edward Snowden blew the whistle on the United States National Security Agency and its global surveillance program. A small ratio of secure web sessions handled by Cloudflare involved memory leakage, a situation that resulted in data being saved and later crawled by search engine spiders.
Cloudflare was able to patch the issue within seven hours after it was first reported by online tech news portals. Users of internet properties such as FitBit, Uber, OKCupid, and Medium have been advised to reset their username and password combinations to avoid identity theft situations. Two-factor authentication, known as 2FA, is highly recommended in this case.
Business owners in the High Desert region who are Cloudflare clients should visit the company’s website and check if they have been compromised. Google Project Zero has also recommended users to visit www.doesitusecloudflare.com and check if they have registered accounts in a site that may have been compromised by Cloudbleed. Contact Sonic Systems for comprehensive system security management and maintenance.