Massive Cloudflare Data Leak reportedly happened over 5 month period

Discussion in 'User Submitted News' started by WiiUBricker, Feb 25, 2017.

  1. WiiUBricker
    cloudflare-breach.png
    Picture credit: wordfence.com

    On Thursday, Cloudflare informed the media that it suffered a data leak over a period of 5 months, starting from September 22nd, 2016 until February 18th, 2017. The data leak was reportedly caused by a flawed HTML parser chain that was used by three of Cloudflare's features that have since been disabled.

    What is Cloudflare and why is this a serious incident? Basically, Cloudflare is both a content distribution service and a firewall that is between the website visitors and the website owner's server. When someone visits a website that uses Cloudflare, the visitor's browser requests either private or public information from Cloudflare and that information is then returned to the visitor via a secure channel. With this system, visitors can only see the data they requested.

    So what this data leak means is that information that only the visitor is supposed to see may have been sent to a completely different visitor. To make matters worse, search engines reportedly indexed some of the leaked data, which means anyone can potentially have access to it, although search engines have been at work for a few days to delete the data from their caches.

    During the period when the leak occurred, affected websites would display garbage data mixed into the actual content of the websites. That data originated from the memory leak and may have contained security tokens and other sensitive information, such as passwords and cookies. In fact, if someone were to access the text of leaked cookies, they may be able to use them to gain access to your account.

    Tavis Ormandy, a Google researcher who discovered and reported this data leak to Cloudflare, had the following to say about the matter:

    In a comment on Hacker News, Cloudflare's CTO said that 3438 domains were affected by the data leakage; however, according to Tavis Ormandy, any of Cloudflare's customer websites could have had their response data mixed into data returning from those 3438 websites.

    Cloudflare's number of hosted domains is about 4,287,625. Someone compiled a list of all those domains on GitHub. Domains included in that list may or may not be affected by the data leak.

    Conclusion: If you have an account on a website that uses Cloudflare, it is strongly recommended that you change your password.

    Source 1: Wordfence.com
    Source 2: Cloudflare's announcement
     