‘Cloudbleed’ bug may have leaked your personal data all over the internet

Another day, another data leak — though this one might turn out to be a little more monstrous than the rest. Internet infrastructure company Cloudflare has admitted that a bug in its system caused user information to randomly leak across the internet — information that includes cookies, login information, API keys, and more.

The bug, which has been dubbed “Cloudbleed,” was first discovered by Tavis Ormandy, a Google Project Zero vulnerability researcher, on February 17. It was revealed, however, that the data breach may have begun as far back as September 22. In some instances, the Cloudflare platform randomly injected user data from any of the company’s 6 million customers — which include the likes of Fitbit and Uber.

According to Cloudflare, most of the information wasn’t leaked on high-traffic websites, and even the information that was leaked to high-traffic websites was hard to find. Still, as the service was leaking information all over the web, that information was being recorded in the caches of search engines like Google, making it easier for those with potentially malicious intent to find it and use it.

Thankfully, it seems as though Cloudflare has acted quickly in an attempt to remedy the situation. A preliminary fix was pushed less than an hour after the company learned of the issue, and it was permanently patched in under seven hours — exactly the type of response that would be expected from a large internet company like Cloudflare. In the cleanup, the company says that 3,000 customers in total were triggering the bug while it was active.

“The industry standard time allowed to deploy a fix for a bug like this is usually three months; we were completely finished globally in under seven hours with an initial mitigation in 47 minutes,” said the company in a blog post.

While cleanup was quick, it’s recommended that you change your passwords to mitigate risk. Yep, all of them — although pay special attention to things like online banking and other highly sensitive services. The Cloudbleed bug could have exposed anything, and unfortunately you may not know that your information was leaked until it’s too late.

Christian de Looper