CloudFlare Breach

If you are concerned about your security, you need to read this. This may affect some high-profile sites such as Fitbit, Dropbox, Zendesk, Box.com and CreditKarma.com, among thousands of others.

Some iPhone / iPad apps are affected as well.

This section is completely excerpted from Nick Sweeting, who is reporting that: Between 2016-09-22 and 2017-02-18, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.

Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was triggered, the response would include data from ANY other Cloudflare proxy customer that happened to be in memory at the time. This means a request for a page with one of those features could include data from Uber or one of the many other customers that didn’t use those features. So the potential impact is every single one of the sites using Cloudflare’s proxy services (including HTTP & HTTPS proxy).
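To make the mechanism above concrete, here is an added C example (it is not Cloudflare's parser code and is not from the excerpted write-up). It models the bug class in a tiny HTML tag scanner: the end-of-buffer test uses exact equality, and one state advances the pointer twice, so an unterminated tag that ends on a quote lets the pointer hop over `end` and keep reading whatever sits next in memory. The "arena", the two customers' byte strings and the token value are constructed placeholders that simulate one process's memory holding two customers' data back to back; the buggy and bounds-checked scanners are compared on the same input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, hypothetical memory layout (not real data): the HTML being
   rewritten for customer A sits directly before cached data of customer B.
   A's response is cut off in the middle of a tag, right after a quote. */
static const char CUSTOMER_A_HTML[] = "hello <a href=\"";
static const char CUSTOMER_B_DATA[] = "Authorization: Bearer PLACEHOLDER_TOKEN>";

static char arena[128];

/* Lay both customers' bytes out back to back; return the length of A's part. */
static size_t build_arena(void)
{
    size_t a_len = sizeof CUSTOMER_A_HTML - 1;
    memset(arena, 0, sizeof arena);
    memcpy(arena, CUSTOMER_A_HTML, a_len);
    memcpy(arena + a_len, CUSTOMER_B_DATA, sizeof CUSTOMER_B_DATA - 1);
    return a_len;
}

/* Length of the first tag in buf (from '<' through its closing '>'), or 0 if
   there is no '<'.  BUGGY: end-of-buffer is tested with exact equality. */
static size_t tag_span_buggy(const char *buf, size_t len)
{
    const char *p = buf, *end = buf + len, *start;
    while (p != end && *p != '<') p++;
    if (p == end) return 0;
    start = p;
    for (;;) {
        if (*p == '>') return (size_t)(p - start + 1);
        /* Entering an attribute value consumes the quote and the byte after it
           in one step (models a state machine that advances twice). */
        if (*p == '"') p++;
        /* Bug: if the extra advance above left p == end, this ++p moves it to
           end + 1, the equality test never fires, and the loop reads on into
           whatever memory follows the buffer (customer B's bytes here). */
        if (++p == end) return (size_t)(p - start);
    }
}

/* Same scanner with the pointer bounds-checked before every read. */
static size_t tag_span_fixed(const char *buf, size_t len)
{
    const char *p = buf, *end = buf + len, *start;
    while (p < end && *p != '<') p++;
    if (p >= end) return 0;
    start = p;
    while (p < end) {               /* `<`, not `!=`: cannot be hopped over */
        if (*p == '>') return (size_t)(p - start + 1);
        if (*p == '"') p++;
        p++;
    }
    return (size_t)(end - start);   /* unterminated tag: stop at the buffer end */
}

/* Run one scanner over customer A's bytes in the shared arena and report how
   many bytes beyond A's end it consumed (0 means nothing crossed customers). */
static size_t bytes_leaked(size_t (*scan)(const char *, size_t))
{
    size_t a_len = build_arena();
    size_t span = scan(arena, a_len);
    const char *start = strchr(arena, '<');
    size_t consumed = (size_t)(start - arena) + span;
    return consumed > a_len ? consumed - a_len : 0;
}

int main(void)
{
    printf("buggy scanner leaked %zu bytes of the neighbouring customer\n",
           bytes_leaked(tag_span_buggy));
    printf("fixed scanner leaked %zu bytes\n", bytes_leaked(tag_span_fixed));
    return 0;
}
```

Note that the over-read stays inside the constructed `arena` array, so the program is well-defined and runs stand-alone; the point is that the buggy scanner's result depends entirely on whatever happens to be adjacent in memory, which is why the affected responses contained other customers' data rather than anything specific to the requested site.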
