WannaCry and EternalRocks ransomware made a lot of noise recently. But some of you may have come across the news of Cloudbleed bug about four months back. This bug puts user’s private information in jeopardy. There is still a lot of confusion about it and its actual impact.
What is Cloudbleed?
An Internet company, Cloudflare, which provides security services to millions of websites made the announcement that a bug, named Cloudbleed, had randomly leaked sensitive customer data across the internet, some days after the attack.
Even though you may not have heard the name Cloudflare, the chances are that a website you may have visited uses this company for their security. Tavis Ormandy of Google’s Project Zero had given this name to the bug, as he was the one, who informed Cloudflare about this security breach.
Though Cloudflare reported that only some of its clients were affected, however, the actual number of websites affected might be much higher.
Is Cloudbleed still active?
It does not seem to be so, as Cloudflare controlled the bug within 44 minutes of finding out about it and fixed the problem completely within 7 hours.
It was believed that Cloudbleed was affecting websites since last September, with the maximum of the attack occurring between Feb. 13 to 18, 2017. However, the only sigh of relief was that the exposed data which include included sensitive cookies, login credentials, API keys, and some of Cloudflare’s own internal cryptography keys was not been posted on high-traffic sites.
Uber, Fitbit and OKCupid were few of the companies which were directly affected, however, they assured their customers about the security of their data.
Though, Cloudflare took immediate measures after the attack, however, some of the saved secure information was cached by Google, Bing and Yahoo. Therefore, nobody was sure that any of this information was accessed by hackers or not.
Whatever has happened, has happened. Nothing can be undone now, but you can do something to protect yourself from such things if that happens again.
The protection steps are as follows:
- Change the password of your account
- Find out whether the website of your account was relying on Cloudflare.
- If yes, whether they were using two-step verification, if yes, then use it.
- Keep on changing your passwords periodically.
The companies of these websites know your feelings about the security and privacy, and they too have been worried. On a positive note, it seems that their concern will go a long way toward improving things for everyone.