So it looks like it’s that time of the month and/or year again. This is no time for shopping. This is about changing your passwords. A bug in Cloudflare’s software has caused a leak of information from websites that use Cloudflare’s services.
What Is Cloudbleed?
Called Cloudbleed (aptly named, if I do say so myself), the bug essentially leaked sensitive information such as website passwords in plain text over a period ranging from September 2016 to February 2017. Just to put things into perspective, that’s over 5.5 million websites that use Cloudflare, including Fitbit, Uber, OkCupid, Medium, and Yelp. Making matters a tad worse, some of the data has also been cached by search engines such as Google and Yahoo, thus making it accessible to the public.
As per the researchers who discovered the vulnerability, Cloudbleed sends portions of data to a user’s browser after they have visited a webpage hosted by Cloudflare. These details range from private messages to online passwords and many other sensitive details.
The leak could be potentially catastrophic for web users, but Cloudflare has attempted to smooth things over, stating that there was no evidence that the data had fallen into the hands of hackers.
Precautions have been taken. For example, this website allows users to search through services that they have signed up for in order to see if they may be affected or not.
Despite Cloudbleed being patched now, there is still a large amount of data that had been leaking steadily, perhaps even for months before.
OkCupid, a dating site, stated that in their initial investigation, they had minimal, if any, exposure from Cloudbleed. Similarly, 1Password, a password management service, also reported that none of their confidential data was exposed.
How can I stay protected from Cloudbleed?
That being said, however, there are steps you can take to ensure that you are safe. The first and most logical choice would be to change your passwords.
So skip the usual “123456” and even “password” as your password. Also stay away from words that can be easily tied to you personally, such as your date of birth, a loved one’s name or even a pet’s name.
Ideally, a strong password would have a mixture of letters, numbers and symbols. This increases the strength of the password and makes it less susceptible to hacking or even a brute force attack. Bigger is indeed better, so the longer the password, the safer you are. Additionally, passwords using up to 10 uppercase and lowercase letters mixed with numbers are proven to be more secure.
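The password advice above can be put into numbers. The following is an added example, not part of the original article: it checks a candidate password against the rules described here and estimates the brute-force search space. The deny-list beyond the two passwords the article names, the `MIN_BITS` threshold and the function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample deny-list; the first two entries are the ones the article names.
COMMON = {"123456", "password", "qwerty", "letmein"}
MIN_BITS = 60  # assumed threshold for this example, not a figure from the article

def charset_size(pw):
    """Size of the ASCII alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 symbols
    return size

def brute_force_bits(pw):
    """log2 of the search space (length * log2(alphabet)).

    This is an upper bound against blind brute force only; dictionary and
    pattern attacks are handled by the separate checks in review().
    """
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def review(pw, personal=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    low = pw.lower()
    if low in COMMON:
        problems.append("common password")
    for item in personal:  # e.g. birth year, pet's name
        if len(item) >= 3 and item.lower() in low:
            problems.append("contains personal detail: " + item)
    groups = (string.ascii_letters, string.digits, string.punctuation)
    if sum(any(c in g for c in pw) for g in groups) < 3:
        problems.append("missing letters, numbers or symbols")
    if brute_force_bits(pw) < MIN_BITS:
        problems.append("too short for its character mix")
    return problems

if __name__ == "__main__":
    for candidate in ("password", "Rex2009!", "correct-Horse-7-battery"):
        print(candidate, round(brute_force_bits(candidate), 1), review(candidate, ["Rex", "2009"]))
```

An 8-character password drawn from all four character groups still covers a smaller search space than 16 lowercase letters, which is why length matters as much as the character mix.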
Another step to follow is to enable two-factor or two-step authentication. This is where, upon entering your usual login details, a special code is sent to your phone via a text message. This ensures that even if someone obtains your username and password, they would still need the secondary code as well.