Set as Homepage - Add to Favorites

【Science Fiction Archives】

Source:Pursuit Information Network Editor:Deals Time:2025-06-25 21:08:08

Cloudflare,Science Fiction Archives one of the giants of internet security responsible for keeping the websites we all visit safe, is itself the source of a vulnerability that has the potential to rival the Heartbleed bug of 2014. And to make things worse, we don't even know the full extent of the damage yet.

Let's get this out of the way early: Change your passwords.Starting with Uber, Ok Cupid, Yelp, Fitbit, and Authy. But if you don't use the services, don't get complacent. There's a long list of sites that could be affected, and new ones are bound to be added, so stay vigilant.

The leak, being referred to as "Cloudbleed," is a vulnerability that has divulged everything from passwords to private messages on dating sites, hotel bookings and other personal info. And to make things more terrifying, even sites that don’t use the company's service but have a lot of Cloudflare users could have compromised data on their servers.

SEE ALSO: Feds secretly forced Twitter to disclose a user's identity — twice

Cloudflare officially announced the situation in a blog post on Thursday night, attributing it to an error in coding that resulted in a "buffer overrun" that was "quickly identified." Cloudflare’s software works to store your data in securely, but because of this bug, some data was accidentally leaked in a way that was not secure enough. Cloudflare has worked to fix this, but the problem is search engines like Google often cache a version of the data, and because of this it’s possible that the data is still out there.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

A member of Google's Project Zero team, Tavis Ormandy, noticed the suspected security issue with Google's Edge Network to Cloudflare last Friday, however, the leak could reportedly have begun back on Sept. 22, 2016.

As for the information in jeopardy, Ormandy feels you have good reason to fear. "The examples we're finding are so bad ... I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings,' he wrote. "We're talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything."

In his online forum, Ormandy detailed his time spent working with Cloudflare to resolve the issue, and admitted he is unaware what information, if any, was compromised. "I don't know if this issue was noticed and exploited, but I'm sure other crawlers have collected data and that users have saved or cached content and don't realize what they have, etc.," Ormandy wrote.

"I didn't realize how much of the internet was sitting behind a Cloudflare CDN until this incident."

Featured Video For You
Apple's new 'Apple Park' spaceship campus will open in April

Previous:Flooding the Heart of Empire

Next:Voices of Mourning

Related Articles
Related Recommendations
Categories
Latest Articles
Popular Articles
Hot Recommendations
Featured Column

Quick Links

Best gaming console deal: Grab the Microsoft Xbox Series X console for under $350 at Best BuySave on the Peloton bike and accessories at AmazonA Slap in the Face of Stalinism by Alissa VallesOpenAI releases ChatGPT data leak patch, but the issue isn't completely fixedHow to watch Duke vs. Troy football livestreams: kickoff time, streaming deals, and moreBest streaming deal: Amazon Fire TV Stick 4K is 25% off at AmazonHow to watch Georgia State vs. USU livestream: kickoff time, streaming deals, and more‘The Paris Review’ Wins the 2020 National Magazine Award for FictionBest Apple Watch Series 9 deal: Slash $100 off on the Best Buy app onlyHow to watch Georgia State vs. USU livestream: kickoff time, streaming deals, and moreAugust Wilson on the Legacy of Martin Luther King by The Paris ReviewRedux: Even Forests Engage in a Form of Family Planning by The Paris ReviewLess Is More by Kyle ChaykaTrains by Jill TalbotKamau Brathwaite: 1930–2020 by Vijay SeshadriHow to watch JMU vs. Air Force football livestreams: kickoff time, streaming deals, and moreTrains by Jill TalbotHow to Imitate George Saunders       by Benjamin NugentThe Apple Watch ban is impacting repairs, tooPromiscuity Is a Virtue: An Interview with Garth Greenwell by Ilya Kaminsky How to view the aurora borealis in the U.S. tonight The best camping deals at Amazon this week include coolers, tents, and more NYT Strands hints, answers for August 12 Free Max subscription (with ads) with DashPass annual plan Duolingo partners with Sony Music to bring pop songs to its music course Wordle today: The answer and hints for August 10 NYT Strands hints, answers for August 16 Yung Miami finally speaks on relationship with Diddy and the City Girls breaking up Best outdoor deals: Save up to 50% on REI tents, Garmin inReach devices, and outdoor smart lights X must pay $600K to employee who didn't click yes to work 'hardcore' Elon Musk's X lets users sort replies to find more relevant comments 'Marvel Rivals' is a fun, but forgettable 'Overwatch' ripoff NYT Strands hints, answers for August 13 What to expect when a tech bubble bursts Seattle Storm vs. Atlanta Dream 2024 livestream: Watch live WNBA Mark Zuckerberg commissioned a statue of his wife, Priscilla Chan, and the internet kinda likes it Australian Olympic breakdancer Raygun calls viral response 'pretty devastating' Google Pixel Watch 3 preorders are live — here's where to get yours Best Apple Watch deals: Save on Series 9 and more Best gaming deals: Save on games like 'Paper Mario: The Thousand

2.536s , 10120.265625 kb

Copyright © 2025 Powered by 【Science Fiction Archives】,Pursuit Information Network  

Sitemap

Top

Quick Links