No, we aren’t talking about end of days here. Cloudbleed is the name given to a Cloudflare incident that came to light in February of 2017. Evidence points to poorly written code, and the suspected impact is somewhere in the millions of users. The most disturbing part about this bug is that it was introduced in September of 2016, which means data may have been spilling for 6 months.
What is Cloudbleed?
We always give things such catchy names. What is Cloudbleed, anyway? First, the affected organization is known as Cloudflare. Cloudflare, in effect, is a proxy. Customers traditionally sign up for Cloudflare in hopes of increasing traffic, preventing denial of service attacks, and speeding up connections to the website. The service sits between the user and a website. Site visitors unknowingly hit Cloudflare first, then are forwarded seamlessly to the intended site. Simple enough, right? Here is where things get interesting. A bug in the Cloudflare code caused information, both encrypted and unencrypted, to be injected directly into websites. I know what you are thinking: so what? Well, the issue was compounded by Google and other search engines crawling internet pages like they normally do and then caching the pages. This allows anyone with a basic understanding of websites to scrape the Cloudflare-injected data. The discovered pages included personally identifiable information, passwords, token requests/responses, and a myriad of other compromising data. Cloudflare was alerted, patched the buggy code, and then realized that cached pages were nullifying what they had worked hard to mitigate. Google has been working to remove the cached pages, but the concern is how many other search engines still have the pages cached.
Where do we go from here?
The fact that Cloudflare is providing value to well over a million websites on the internet is enough to prompt swift action by consumers. Bad actors may have your username/password, Question+Answer profiles, dual factor key, and more. Start with a few simple steps like:
Change your passwords on all websites. If you aren’t using a password management solution like LastPass, now would be a good time to invest. Unique passwords are super important, and Cloudbleed gives you yet another reason to manage your passwords.
Reset Two-Factor Authenticators – Where possible, request a new key fob or reset your soft token. This is not a very common scenario, so you shouldn’t need to do this very often. The problem is that the nature of Cloudbleed may have exposed keys that attackers could use to manufacture/mimic your token.
Mind your email – You should have heightened awareness of the possibility of email attacks following Cloudbleed. Bad actors may target you specifically if your information came up and pretend to be someone trying to help or asking that you visit a bogus page to update your password or other information because of Cloudbleed.
In the end, be proactive with this latest cyber threat. Don’t stand by and add to the statistics of breached individuals.