Cloudbleed: Know All About It, What Is It? How To Protect From It? The Websites Affected, And More

By Jeff Thompson - 25 Feb '17 10:47AM

Cloudbleed is the latest security threat to the World Wide Web, and it surfaced in the past week. It has been widely discussed in the wake of the sensitive-information leak it caused. According to the information available from Cloudflare, the security bug has now been patched, and the company is investigating the various ways information may have leaked.

Cloudbleed is a bug that caused information to leak from websites that used Cloudflare to direct incoming requests to the website. Cloudflare provides reverse proxy services for a large number of websites. This means that Cloudflare works as an intermediary between requesters and websites, blocking possible attacks on the websites like a firewall. The bug was found to have leaked passwords and other sensitive information for almost six months. On Feb. 17, the Google Project Zero team found the bug and named it Cloudbleed.

Cloudflare has confirmed that the bug was completely addressed within seven hours. As many as 3,400 websites were found to be victims of the bug. The major sites affected include FitBit, Uber, and OKCupid, among others. The actual number of affected sites is not known, because the 3,400 websites with the bug would have leaked information from other websites that use Cloudflare; the firm has 2 million sites in its network.

It should be noted that Nasdaq, Bain Capital, Reddit, ZenDesk, Cisco and many other reputable websites use Cloudflare services. The bug is now patched, but there are still some security issues people should be aware of. The leaked information is available on the internet because Google and other search engines were caching it for months. Though search engines are removing this information, other caching services would have stored it, and it is not possible to remove it completely from the internet.

To avoid any further damage, people should change their passwords at the earliest possible time. They can also use two-step authentication wherever it is allowed, as it better safeguards against a breach. People can also contact the websites and service providers if they find any issues.
