Cloudflare security breach exposed data and changing the passwords are recommended among 3,400 websites. Cloudflare is an online content delivery network, which offers CDN, DNS, DDoS protection, and security.
Some usernames and passwords were leaked because of a security bug that affected 3,400 websites, including Uber, Fitbit, and OkCupid. However, 1Password has the end-to-end encryption, which means no data was exposed. The leaked passwords were cached by search engines, which recommends users to change it.
Cloudflare: What To Blame?
According to 9 To 5 Mac, Cloudflare admitted the security breach, but the other security researchers claim that the company is underplaying the incident. The company revealed in the post that there is no evidence of malicious reports of bug being exploited.
Tavis Ormandy of Google's Project Zero was seeing corrupted web pages. Ormandy revealed that he found "private messages from the major dating site," which contained online password manager data and frames from adult video sites, as per CNET.
Ormandy suggested that it would be better for the users to use Cloudflare to change their passwords. He also said that the Cloudflare customer SSL private keys were not leaked, which means Cloudflare has always terminated SSL connections.
Is Changing Password Enough?
John Graham-Cumming, a chief technical officer of cybersecurity, revealed that the changing of the password is the best thing to do. Users need to change their passwords because there is a big chance that the login information might be a threat to any users of the 3,400 websites.
The greatest period of excellent bug impact was on Feb. 13 and Feb. 18 with around one in every 3,300,000 HTTP requests through Cloudflare. The initial investigation has revealed minimal exposure. If any users have been impacted, Cloudflare and Google will prompt and notify them and will take immediate action to protect the users.
Cloudflare
Cloudflare can speed and protect any website with 1 DDoS attack protection. Over five million customers also trust it, including Cisco and Zendesk.