The Cloudfare bug called "Cloudbleed" was uncovered by a Google engineer, where massive customer data were leaked to various websites. There is no evidence to determine if the San Francisco-based content distribution company has downplayed the security threat, but users are still warned to change their passwords.
Last week, a bug in the code of Cloudfare was discovered and it works by leaking data from websites using the Cloudfare program. This occurs whenever Cloudfare enters a website with a poorly constructed HTML where data from other websites can be easily read using the Cloudfare code. According to the blog post of John Graham-Cumming, the bug was active from Feb. 13 to 18, although there have been reports that the bug may have been around since September 2016, Global News reported.
Though the Cloudfare bug shows no signs of having been exploited, Cloudfare takes the matter seriously by forming a cross-functional team from various departments like software engineering, information security, and operations both in San Francisco and London. The primary objective of the group is to investigate the cause of the error, determine the extent of the memory leakage and to collaborate with Google as well as other search engines to remove cached HTTP responses, USA Today reported. Google researchers believe that there are 120,000 web pages leaking information on a daily basis. The leaked data includes private messages from dating sites, online passwords, full messages from chat services, frames from adult video sites and hotel booking information.
Cloudfare says the bug has been resolved although there are reports that the extent of the memory leakage is more widespread than what users were led to believe. The content distribution company may be downplaying the problem. Nonetheless, Cloudfare has been proactive listing the affected sites here in doesitusedcloudfare.com. Users are also advised to change their passwords preferably using a combination of uppercase and lowercase letters mixed in with numbers and symbols for added security.