Categories: Security

The Cloudfare Data Leak: What You Need to Know

Cloudflare, a tech company headquartered in San Francisco, provides high-security content delivery to over five million websites. Essentially, the reverse proxy server is the intermediary between a site’s visitors and the website’s host with a focus on Internet security.

As Cloudflare proves, even the most security-focused websites aren’t always free from information breaches. That’s why it’s so important to have additional security on your devices. Use DFNDR’s Full Virus Scan to ensure that all malware threats are removed from your phone. It will scan your files, programs, and SD card to locate and remove malware. Click here to scan your device for security threats:

Read More: Hackers Attack with Invasive New Mobile Virus

What happened with Cloudfare?

This focus on Internet security was part of the reason it was such a surprise when, in early 2017, Cloudflare had a serious security bug in its software. This bug released data like passwords, cookies, and authentication tokens from its websites. Users’ personal information is usually encrypted or obscured, but the bug caused this data to be revealed in plain text. In the worst-case scenario, anyone who saw the error could have collected the personal information from these users.

Perhaps the biggest issue with the data leak was that the leak may have happened nearly five months before it was reported to Cloudflare. However, the biggest leak happened over six days when one out of every 3,300,000 requests to Cloudflare caused data to be exposed. When this happened, hackers could access the data on demand through the cached files on search engines.

Users found a wide variety of data that had been released from Cloudflare, including data website messages, hotel bookings, chatroom messages, and passwords, among other information. Cloudflare leaked data in around 0.00003% of its requests. This is, of course, a small number, but the significance of the data, and the number of users who employ Cloudflare, make it important.

What Caused the Leak?

The virus that caused the problem infected a part of the system Cloudflare uses to improve website performance. Three Cloudflare features were not integrated well with this program, causing the data to be released.

How Did Cloudfare Solve This Problem?

Cloudflare had difficulty finding a solution to the data leak. The data that had been released was automatically cached by search engines like Google, Bing, and Yahoo, and the company had to go to each one of these companies individually to ask them to clear the data.

 

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Vulnerabilities in Cyber Security: what they are and how to fix them?

Learn all about one of the hackers' favorite breach method and keep your company safe…

1 year ago

3 ways to recover deleted photos on Android

Have you ever wondered how to recover deleted photos on Android? After all, the lack…

1 year ago

What is worm?

Digital worms are among the most serious threats in the wild kingdom of the Internet.

2 years ago

Spoofing: What’s it all about?

Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…

2 years ago

Careful With That QR Code! Five Steps For QR Code Safety

Five Steps to Reduce QR Code Risk! Step one? Read this article…

2 years ago

Pharming: Phishing’s Nasty Big Brother

Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…

2 years ago