Cloudflare bug might affect 5.5 million websites: Find out if you should worry

27.02.2017

Cloudflare, an internet infrastructure company which helps about 5.5 million websites worldwide with performance and security, was exposing data for five months because of a bug. Cloudflare serves sites like Uber, OK Cupid, Fitbit and others. Here’s a brief explanation of what happened.

First of all, you should check if you were affected by the bug. Here’s a full list of all the sites that use the company’s services; you can use CTRL+F to search for the websites you frequently use.

What does Cloudflare do?
Now let’s get to the news. Cloudflare isn’t a name that many internet users are familiar with, but it’s actually an important part of the internet infrastructure. Apart from improving performance, it also provides security to many sites, for example through DDoS protection. Because it acts as a proxy between users and servers, a lot of data passes through it.

What was the issue?
A particular combination of HTML tags caused data to leak. That’s the “technical explanation”. What you need to know is that, due to an error in the code, some users received data that they shouldn’t have, including things that might have been sensitive personal information, like passwords. If someone knew about this error, they could have exploited it. Tavis Ormandy, an engineer at Google who first noticed the bug, says he’s finding “full messages, cookies, passwords, keys, data, everything” through the leak. The bug had been live for five months before Ormandy noticed it.
The good news is that Cloudflare reacted quickly after being informed. It pushed a fix less than an hour after it learned about the issue and worked with Google to clean out any exposed data that was randomly lying around, ripe to be taken. Even so, if a site you are using has been affected, changing your password is the smartest thing to do right now.

Source: https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/
 