February 24, 2017 Security

Security Alert: #CloudBleed, what steps you should take to secure yourself

You might have read in the news about the #cloudbleed incident, which can only be described as a potentially massive data leak in the Cloudflare Internet infrastructure service, used by over 2 million sites, including Triangela. This vulnerability was discovered by Google’s Project Zero Team.

Seriously though: don’t panic. Read the article below and take the appropriate actions.

So, what is this vulnerability? To quote @octal’s blog post:

Essentially, web requests to Cloudflare-backed sites received answers which included random information from other Cloudflare-backed sites! This information could potentially include confidential information (private messages on dating sites, emails), user identity information (Personally Identifying Information (PII), and potentially in a healthcare context, Protected Health Information (PHI)), or user, application, or device credentials (passwords, API keys, authentication tokens, etc.).

Cloudflare has been leaking customer HTTPS sessions for months, including session data from well-known companies such as Uber, FitBit, OKCupid etc.

This vulnerability is now patched, but the data has been out there for months. Some of this data was cached publicly by search engines (Google, DuckDuckGo etc.), and that cached data is being removed. However, copies may still exist in other caches and services around the web, which makes a coordinated deletion process pretty much impossible. So we can’t be sure that all leaked data will be removed.

A very detailed and technical description of this vulnerability can be read in CloudFlare’s incident report. This is a potentially massive data leak, which might make this incident even bigger than the historic #HeartBleed bug.

How big is the impact?

The greatest period of impact was between February 13 and February 18, with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests), which means potentially 100k-200k pages with private data leaked every day. (Source)

Ok, take a deep breath. The chance that data belonging to you has been leaked is very low. But to be on the safe side (which you should be): take steps right now and change your passwords (including the master password of your password manager), and if you aren’t already using it, activate 2-step verification on your important accounts.

On this GitHub repository, there is a list of domains which use CloudFlare. If you know you have an account on any of these sites, you should change the account password you have there.
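Cross-referencing that domain list by hand is tedious if you have a few hundred logins, so here is an added helper script for doing it (this is example code written for this post, not part of the GitHub repository). It assumes the domain list is a plain text file with one domain per line, and that your password manager can export a CSV with `name,url,username` columns; both inputs below are constructed samples. An account is flagged when its hostname is the listed domain or any subdomain of it (so `mail.example.com` matches a listed `example.com`), but not the other way round.

```python
"""Cross-reference the sites you hold accounts on against a list of
Cloudflare-fronted domains, so you know which passwords to rotate."""
import csv
import io
from urllib.parse import urlsplit

# Constructed stand-in for the GitHub domain list: one domain per line.
SAMPLE_CLOUDFLARE_DOMAINS = """\
example.com
example.org
# comments and blank lines are tolerated

shop.example.net
"""

# Constructed stand-in for a password-manager CSV export
# (assumed columns: name,url,username).
SAMPLE_VAULT_CSV = """\
name,url,username
Mail,https://mail.example.com/login,alice
Forum,http://forum.example.org:8080/,alice
Bank,https://bank.example.net,alice
Shop,https://www.shop.example.net/account,alice
Bare host,example.org,alice
"""


def normalize_host(value):
    """Return the lowercase hostname of a URL or bare host, without port or trailing dot."""
    value = value.strip()
    if not value:
        return ""
    if "://" not in value:          # bare host: give urlsplit a scheme to parse
        value = "https://" + value
    host = urlsplit(value).hostname or ""
    return host.rstrip(".").lower()


def load_domain_list(text):
    """Parse the one-domain-per-line list into a set, ignoring comments and blanks."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            domains.add(normalize_host(line))
    return domains


def matching_domain(host, domains):
    """Return the listed domain covering host (itself or a parent), or None.

    Walks from the full host up through its parents, so mail.example.com
    matches a listed example.com, while bank.example.net does not match a
    listed shop.example.net."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def accounts_to_rotate(vault_csv, domain_list_text):
    """Return [(account name, host, matched domain)] for every vault entry on a listed domain."""
    domains = load_domain_list(domain_list_text)
    hits = []
    for row in csv.DictReader(io.StringIO(vault_csv)):
        host = normalize_host(row.get("url", ""))
        matched = matching_domain(host, domains)
        if matched:
            hits.append((row["name"], host, matched))
    return hits


if __name__ == "__main__":
    for name, host, matched in accounts_to_rotate(SAMPLE_VAULT_CSV, SAMPLE_CLOUDFLARE_DOMAINS):
        print(f"rotate password for {name!r} ({host}) - listed domain: {matched}")
```

To use it against the real inputs, read the downloaded domain list and your exported CSV from disk and pass their contents to `accounts_to_rotate`; delete the CSV export afterwards, since it contains your account URLs and usernames in clear text.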

Stay safe!