Cloudflare Security Breach
Cloudflare is a United States-based company that provides Internet security and improves the performance of the websites that use it. The company recently suffered a security breach when a bug caused portions of data to leak from its customers’ websites.
An investigation named Cloudbleed has been launched to get to the bottom of the leak. Cloudbleed has revealed that the company was subject to the leak between September 22nd and February 18th because of its latest HTML parser, which was introduced in September.
It has proven difficult to trace the steps of Cloudbleed because of the nature of the bug. The breach caused random chunks of data from various customer websites to leak, unlike a typical breach, which would expose data from only one particular site.
Search engines such as Google and Yahoo cached the leaked data as a matter of course and have since been working with Cloudflare to erase the sensitive information from their caches. Although most of the leaked data originated from Cloudflare headers, it has been assumed that half of the leaks contained cookies, which would make it possible for an attacker to access a user account even without the user's password.
Because an intruder cannot control the results returned when requesting a page, most of the information obtained would be junk. Over time, however, the intruder might be able to collect useful information. Cloudflare programmers are monitoring their logs for unusual requests, and for requests originating from a similar IP address, to determine whether the bug is being exploited.
A probability report from Cloudflare indicates that sites receiving more requests are more vulnerable to attack than sites with fewer requests. Customers have also been advised to reset their passwords.