Security

The Cloudfare Data Leak: What You Need to Know

Cloudflare, a tech company headquartered in San Francisco, provides high-security content delivery to over five million websites. Essentially, the reverse proxy server is the intermediary between a site’s visitors and the website’s host with a focus on Internet security.

As Cloudflare proves, even the most security-focused websites aren’t always free from information breaches. That’s why it’s so important to have additional security on your devices. Use DFNDR’s Full Virus Scan to ensure that all malware threats are removed from your phone. It will scan your files, programs, and SD card to locate and remove malware. Click here to scan your device for security threats:

Read More: Hackers Attack with Invasive New Mobile Virus

What happened with Cloudfare?

This focus on Internet security was part of the reason it was such a surprise when, in early 2017, Cloudflare had a serious security bug in its software. This bug released data like passwords, cookies, and authentication tokens from its websites. Users’ personal information is usually encrypted or obscured, but the bug caused this data to be revealed in plain text. In the worst-case scenario, anyone who saw the error could have collected the personal information from these users.

Perhaps the biggest issue with the data leak was that the leak may have happened nearly five months before it was reported to Cloudflare. However, the biggest leak happened over six days when one out of every 3,300,000 requests to Cloudflare caused data to be exposed. When this happened, hackers could access the data on demand through the cached files on search engines.

Users found a wide variety of data that had been released from Cloudflare, including data website messages, hotel bookings, chatroom messages, and passwords, among other information. Cloudflare leaked data in around 0.00003% of its requests. This is, of course, a small number, but the significance of the data, and the number of users who employ Cloudflare, make it important.

What Caused the Leak?

The virus that caused the problem infected a part of the system Cloudflare uses to improve website performance. Three Cloudflare features were not integrated well with this program, causing the data to be released.

How Did Cloudfare Solve This Problem?

Cloudflare had difficulty finding a solution to the data leak. The data that had been released was automatically cached by search engines like Google, Bing, and Yahoo, and the company had to go to each one of these companies individually to ask them to clear the data.

 

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Why Updating Android Helps Protect Your Phone, Even When Nothing Looks Different

Have you ever put off an Android update because you figured nothing would really change…

57 years ago

Your Phone Knows Where You’ve Been. Here’s Why That Matters More Than Ever

Do you know how many places your phone can remember from just one ordinary week?…

57 years ago

Does Changing Your Password Every Week Make Your Account Safer? Myth or Fact

You’ve probably heard that changing your password every week is a smart way to keep…

57 years ago

What Happens When You Tap “Allow” on an Android App?

You install a new app, open it for the first time, and the screen pops…

57 years ago

5-Minute Monthly Phone Check: What to Review on Android

You unlock your phone to answer a quick text and, without even noticing it, pass…

57 years ago

What Happens to Your Data After You Close an App?

You open an app to order food, check your bank balance, chat with friends, or…

57 years ago