There are thousands of breaches of information every year, threatening our personal information and sensitive data. On Feb 23rd, news of a brand-new bug known as Cloudbleed dropped. This bug has affected thousands of sites, potentially leaking out the sensitive information of their users, according to a new report by CNET. Here is a quick guide to understanding exactly what Cloudbleed is, and how it may have affected you and your company.
What is Cloudbleed?
Cloudbleed is the name of the newest major security breach bug from an Internet security company known as Cloudflare. The issue arose when users entered their information onto secured “https” sites, such as a login page. Cloudflare’s service is meant to help securely move the information entered into the “https” sites between the user and the servers. Instead of deleting the information after it was used, the Cloudbleed bug caused Cloudflare’s security service to save potentially sensitive data, such as user credentials, photos, video frames, or even server and security information.
Who is affected by Cloudbleed?
There are currently around 3,400 websites believed to have been affected by the Cloudbleed bug, though the actual number could be much higher. The bug is believed to have started back as September, with the height of the problem occurring between February 13th to the 18th. Uber, Fitbit, and OKCupid are the main three that seemed to be directly affected by the bug. According to Cloudflare, the Cloudbleed bug is thought to have leaked information about “one in every 3,3000,000 HTTP requests” made through the service.
What can I Do Now?
As of now, Cloudbleed is no longer an active threat. Cloudflare was able to stop the bug just 44 minutes after it was discovered, and the problem was solved completely in 7 hours. While the impact is minimal and requires no immediate action, there are a few things individual users can do to keep themselves safe from potential data leakage.
It is recommended that you change your password on any account that uses Cloudflare. This includes sites such as OKCupid, Fitbit, and Medium are some of the most popular sites that are known to use Cloudfare’s services. If you are unsure whether or not a site you use was affected, there is now a webpage that tells you whether or not a site is infected.
It is also recommended that you use a two-step authentication on any site or service that offers it. This will ensure that no one will be able to access your account, even if they are able to get your user credentials.
-
With thousands of security breaches per year, you can’t afford to wait for security. Contact Info Advantage today at (585) 254-8710 to speak to a technology professional about how to keep your data safe.
Tag Cloud
Mobile? Grab this Article
Comments