Latest in Gear

Image credit: Getty Images/Flickr RF

Server bug leaks user data for thousands of popular websites

Don't call it 'Cloudbleed.'
2485 Shares
Share
Tweet
Share
Save

Sponsored Links

Getty Images/Flickr RF

A number of high-profile websites have been leaking their users personal data into the ether, thanks to an error by a prominent web services provider. Cloudflare, which provides security and content delivery services to companies like Patreon, Fitbit and OKCupid among others, had an error in its code that caused pieces of memory to dump into web pages. The Register described the issue as sitting down to a fresh table in a restaurant and being handed the previous diner's wallet.

Tavis Ormandy, a security researcher with Google's Project Zero, spotted the breach, finding encryption keys, cookies, passwords and HTTPS requests in public caches. He contacted Cloudflare, which then began to work to identify and stop the issue, which came down to a typo in the code that caused a buffer overrun. In its public statement, Cloudflare added that it held off on disclosing the issue until it had ensured that search engine caches had been cleared of any personal data.

If you're worried about how this affects you — and it probably does — then it's a good time to change your passwords. There's a list of potentially affected sites available here, although it's probably wise to change all of your security keys, since you never know what data has leaked to where. Additionally, 1Password, which uses Cloudflare for hosting, has come out publicly to reassure customers that their data remains secure.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
2485 Shares
Share
Tweet
Share
Save

Popular on Engadget

The best mobile devices for students

The best mobile devices for students

View
Porsche streamlines the Taycan EV’s infotainment system

Porsche streamlines the Taycan EV’s infotainment system

View
Lenovo’s Smart Clock becomes a more capable home hub

Lenovo’s Smart Clock becomes a more capable home hub

View
Wirecutter's best deals: Save $60 on an Acer Chromebook 11

Wirecutter's best deals: Save $60 on an Acer Chromebook 11

View
Samsung Galaxy Note 10+ review: Weird, but in a good way

Samsung Galaxy Note 10+ review: Weird, but in a good way

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr