Thousands of Sites Impacted by Cloudflare Breach
Cloudflare, a popular content delivery network, was recently breached. This breach impacted 3,400 websites, including popular sites such as Fitbit and Uber. A full list of impacted websites has not been released.
Cloudflare has made a public statement on their blog:
“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.
The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).”
According to 9To5Mac, Tavis Ormandy, who identified the breach, and other security researchers believe the company is minimizing the severity of the incident. Although malicious exploits have not been discovered, it is still imperative that impacted users change their passwords. User data is at risk of exposure not only on the sites directly affected: if users reuse the same password on multiple platforms, those other accounts are compromised as well.
Does This Impact You?
Understandably, it’s difficult to know if this breach impacts you, since not all affected websites are being disclosed. The best practice is to keep an eye out for additional information regarding this breach. You may also get an email from sites you use stating that your information has been compromised as a result of this breach. If you receive this correspondence, change your password immediately.
As of today, the sites compromised have been listed as:
However, 1Password stated user information was not breached due to their encryption policies.