Cloudbleed - Welcome to 2017

At the bottom of the post is a link to a CNET article on the issue. Here is what we know so far.

The problem occurred about six months ago when someone made a one-character mistake in the software that runs Cloudflare. It let sites all over the Internet (like Google) cache data that they should have never had visibility into. Data like passwords, cookies, and even private messages between people on a site that uses Cloudflare.

Normally this data would be encrypted, but since Cloudflare runs at the edge, the cached data was clear text.

Cloudflare and others are racing to delete this data from the places it was cached, and hacker teams are digging to find it before it is deleted/hidden.

Cloudbleed affects about 3400 sites like Fitbit and Uber. Some early reports on this showed up on Twitter Thursday (2/23/2017), but today the stories are now showing up in mainstream media.

My recommendation is to enable two-factor authentication on all sites that support it.

https://www.cnet.com/news/cloudbleed-uber-fitbit-okcupid-cybersecurity-password-information-exposed-wide-reaching-flaw/

Radioteacher, CISSP