4 million websites affected by Cloudflare data leakage
Pages such as Fitbit, Uber, Thepiratebay, Change.org or Forocoches, have been affected by the data leakage incident happened in the North American CDN, Cloudflare. This incident has affected the security of more than 4 million websites, compromising the user data registered in these pages.
Tavis Ormandy, head of Google's Project Zero, alerted Cloudflare of a security breach in its servers that allowed to identify private information from other users: HTTP cookies, authentication tokens, etc. among his data traffic.
The company claims that the bug has already been resolved and it has not affected Cloudflare's SSL private keys.
References:
- 23/02/17 blog.cloudflare.com Incident report on memory leak caused by Cloudflare parser bug
- 23/02/17 github.com List of Sites possibly affected by Cloudflare's #Cloudbleed HTTPS Traffic Leak
- 24/02/17 computerhoy.com Detectada una fuga masiva de datos: cambia tus contraseñas
- 24/02/17 eleconomista.es Cambie todas sus contraseñas: un fallo en Cloudflare filtra los datos de registro de millones de webs