Major data breach at Cloudflare, change your passwords now


Cloudflare, a company that provides internet security, reverse proxy, content delivery, and domain name server services for thousands of websites, has suffered a large security breach. Facebook, Google, Amazon, and Twitter do NOT use Cloudflare, but other companies such as Uber, Fitbit, OkCupid, Creative Commons, Medium and 1Password are among Cloudflare’s millions of clients.

What happened? In short, between September 22, 2016 and February 18, 2017, session tokens, passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. That data was cached by search engines, and may have been collected by random adversaries over the past few months.

Here's what you'll want to know about the data breach:
- How to secure your data after the Cloudflare leak
- List of Sites possibly affected by Cloudflare's #Cloudbleed Leak (work in progress)
- Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster
- CloudBleedCheck: CloudBleedCheck allows you to check if a domain name is affected by CloudBleed bug.
  Database contains 4,287,625 entries of potentially affected domains.
- Quantifying the Impact of "Cloudbleed" (incident breakdown from Cloudflare)

Partial list of Cloudflare customers:

  • authy.com
  • patreon.com
  • medium.com
  • 4chan.org
  • yelp.com
  • zendesk.com
  • uber.com
  • thepiratebay.org
  • pastebin.com
  • discordapp.com
  • change.org
  • feedly.com
  • nationalreview.com
  • petapixel.com
  • tineye.com

Now is a good time to change any passwords you have with any of the companies involved in the data breach. Some of the companies involved may begin a forced password reset campaign so you might be getting notices to reset passwords.
If you have more than one or two passwords, password managers greatly improve security because they allow different passwords to be assigned to individual sites without the need to remember them. And it makes the login process easy and quick. Check our list of the Best Free Web Form Filler and Password Managers for suggestions.


Comments

I looked at my logs and checked the IP addresses that Cloudflare uses and came up with some that this reports were not affected. Please explain why they were not affected. How do they know?

About 5.5 million domains use Cloudflare, but not all domains were impacted. Much of the leaked data was cached in search engines, and most of the data was cleaned out before information about the data breach was made public. The issue that remains is that no one knows if the flaw was maliciously exploited before it was patched. If it wasn't, there's a pretty small chance that passwords and other data are floating around out there. If it was, there's a higher chance the data is out there. Either way it pays to be safe. :)

Cloudflare has an excellent breakdown on what happened here:
https://blog.cloudflare.com/quantifying-the-impact-of-cloudbleed/

A more general overview can be found here, or a search for Cloudbleed will yield articles with varying degrees of details:
https://en.wikipedia.org/wiki/Cloudbleed

 

If you use LastPass password manager, they will check your password vault against Cloudflare and identify sites where you should consider changing your password. Super easy and efficient. Here is the link.
https://blog.lastpass.com/2017/02/alerts-for-cloudflare-sites-in-lastpass-security-challenge.html/

After you get your challenge results, look for the "Compromised" tab to see which sites require a password change.

I've posted this information to our Facebook page, with full credit to you. I'm sure a lot of our Facebook users will find it very helpful!

Excellent, thanks for the information. :)

Thanks for the heads up. I use their services and, as of this very minute, Cloudflare still has not alerted me to any potential threat to my credentials!

Fortunately, so far, according to the invaluable HaveIBeenPwned website, those credentials have not (yet?) hit the wild. https://haveibeenpwned.com/

More than necessary post Rhiannon. Addons for Firefox and Chrome are available to quickly check browsing history for sites that are affected. I found info about them on ghacks.net. Hope that posting link to article is OK with site rules...

http://www.ghacks.net/2017/02/26/cloudbleed-check-if-you-visited-sites-affected-by-cloudflares-security-issue

No problem with the link, Martin is a great guy and very knowledgeable. :)

Someone please verify that if you have cleared your Internet History - NOT the same as clearing your cache - the CloudBleed addon will not turn up any possible problems. Both the CloudBleed addon and the description on ghacks.net explain the addon searches your browsing history. I use CCleaner regularly and do not have the box for Internet History checked, but if I did the addon would find nothing giving me a false sense of security. There are plenty of other cleaners, internet security tools, etc., that clear your browser's cache, search history and browser history either on demand or automatically. Just a (hopefully) helpful reminder.

Don't think this is a real problem. Just proceed with your regular browsing habits and your history and cache will fill up quickly. This addon will check, if the sites you visit, are risky regarding CloudBleed. Since the whole list is really huge for manual search.

Thank you for the heads up! I will certainly be happy to know further the extent of the damage, and a URL for a list of affected sites, if & when available.

You're so welcome. :)

Cloudflare is used by over 5 million web sites, but the Cloudbleed breach affected only certain services, and we may not know what all of them are for a while. Cloudflare has been open and transparent about the issue, and it looks like sites that have services that might have been affected are rolling out password resets and sending notifications. I think it's good to change passwords in any event. I've added a site, CloudBleedCheck, to the list; it lets you search by domain and gives you results in various ranges. If the site has been affected you'll get the message "This domain is affected. Close all active sessions for this service, change your passwords, and enable 2FA." 2FA is two factor authorization.