The Cloudfare Data Leak: What You Need to Know

Cloudflare, a tech company headquartered in San Francisco, provides high-security content delivery to over five million websites. Essentially, the reverse proxy server is the intermediary between a site’s visitors and the website’s host with a focus on Internet security.

As Cloudflare proves, even the most security-focused websites aren’t always free from information breaches. That’s why it’s so important to have additional security on your devices. Use DFNDR’s Full Virus Scan to ensure that all malware threats are removed from your phone. It will scan your files, programs, and SD card to locate and remove malware. Click here to scan your device for security threats:

Read More: Hackers Attack with Invasive New Mobile Virus

What happened with Cloudfare?

This focus on Internet security was part of the reason it was such a surprise when, in early 2017, Cloudflare had a serious security bug in its software. This bug released data like passwords, cookies, and authentication tokens from its websites. Users’ personal information is usually encrypted or obscured, but the bug caused this data to be revealed in plain text. In the worst-case scenario, anyone who saw the error could have collected the personal information from these users.

Perhaps the biggest issue with the data leak was that the leak may have happened nearly five months before it was reported to Cloudflare. However, the biggest leak happened over six days when one out of every 3,300,000 requests to Cloudflare caused data to be exposed. When this happened, hackers could access the data on demand through the cached files on search engines.

Users found a wide variety of data that had been released from Cloudflare, including data website messages, hotel bookings, chatroom messages, and passwords, among other information. Cloudflare leaked data in around 0.00003% of its requests. This is, of course, a small number, but the significance of the data, and the number of users who employ Cloudflare, make it important.

What Caused the Leak?

The virus that caused the problem infected a part of the system Cloudflare uses to improve website performance. Three Cloudflare features were not integrated well with this program, causing the data to be released.

How Did Cloudfare Solve This Problem?

Cloudflare had difficulty finding a solution to the data leak. The data that had been released was automatically cached by search engines like Google, Bing, and Yahoo, and the company had to go to each one of these companies individually to ask them to clear the data.