Cloudbleed: What to Know About the Security Breach

By Jay Soriano, | February 25, 2017

 Cloudflare was able to halt the bug's activities 44 minutes after Ormandy first contacted the firm. (YouTube)

Cloudflare was able to halt the bug's activities 44 minutes after Ormandy first contacted the firm. (YouTube)

The Internet suffered yet another severe blow in the form of Cloudbleed. The bug leaked passwords, along with other possibly sensitive details from a large number of websites in the span of over six months.

The name of this major security breach comes from Tavis Ormandy of Google's Project Zero. Ormandy contacted Cloudflare in the form of a tweet as he wanted to report a security problem with the firm's edge servers.

Like Us on Facebook

What Ormandy saw were corrupted web pages returned by particular HTTP requests which run through Cloudflare. He even jokingly called it the Cloudbleed as a reference to Heartbleed, a 2014 security issue.

Netizens should not be worried too much about Cloudbleed despite security breaches being a major concern for many. Nonetheless, Internet users are still advised to change their passwords, especially if the domain they're using runs through Cloudflare.

According to reports, the damage caused by Cloudbleed is minimal as compared to Heartbleed back in 2014. Heartbleed affected about half-a-million websites across the Internet. However, only 3,400 sites were found to be affected by the Cloudbleed bug.

Cloudflare was able to halt the bug's activities 44 minutes after Ormandy first contacted the firm. Seven hours later, they were able to fix the problem completely.

Cloudbleed was able to affect multiple websites from as far as September last year. It has been allegedly found that the height of the breach occurred between February 13 to 18.

As per the incident report posted by Cloudflare on its official blog, some websites that were affected by the bug include OKCupid, Uber, and Fitbit. Some sites that were hit by the Cloudbleed bug have taken to Twitter to notify Cloudflare of the issue.

©2024 Telegiz All rights reserved. Do not reproduce without permission
Real Time Analytics