Yes, you will need to change your passwords, AGAIN! Reports of a massive memory leak from web services and security company Cloudflare show that user data from thousands of websites may have been exposed.
A lot still has to be discovered about the leak, which is being referred to as Cloudbleed, a play on words referring to the Heartbleed bug in 2014. But one thing is clear: the leaked user data was cached by search engines, meaning that once it was indexed, hackers may have scraped and stored it.
The leak was caught on February 18th by Tavis Ormandy, a member of Google's Project Zero security team. Cloudflare has described the bug and the patch in exhaustive detail in a blog post.
Could someone from cloudflare security urgently contact me.
— Tavis Ormandy (@taviso) February 18, 2017
“the greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage.”
Although there has been no official list of the sites affected, many services are still asking their users to change their login credentials. A GitHub user has put together a speculative list of affected sites, along with the note that
“just because a domain is on the list does not mean the site is compromised, and sites may be compromised that do not appear on this list.”
The GitHub user claims that up to 4,287,625 sites may be at risk, while Cloudflare itself has admitted to over 1000 compromised domains.
Even sites like Authy have made it onto the list. Its presence on the list indicates that even accounts protected by 2-step authentication may be at risk of being affected.
The Cloudflare post notes,
“We have also not discovered any evidence of malicious exploits of the bug,”
Statements like this, though, are something we hear after every gigantic leak.
Below is the list of some of the notable sites that may have been compromised. If you have an account on any of these, or on any site from this GitHub list, we recommend that you change your passwords.