{"id":8440,"date":"2017-02-25T07:31:57","date_gmt":"2017-02-25T07:31:57","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/?p=8440"},"modified":"2019-11-22T10:07:44","modified_gmt":"2019-11-22T10:07:44","slug":"cloudbleed-5-million-sites-impacted","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/cloudbleed-5-million-sites-impacted\/8440\/","title":{"rendered":"CloudBleed: 5 million sites impacted"},"content":{"rendered":"<div class=\"entry-content post_content\">\n<p>Earlier this week, Google Project Zero researcher Tavis Ormandy released a report outlining vulnerabilities in <a href=\"https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=1139\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Cloudflare\u2019s content delivery network<\/a>. The vulnerability was leaking private data, ranging from encryption keys to private messages, belonging to users of some of the Internet\u2019s biggest properties.<\/p>\n<p>Earlier today, <a href=\"https:\/\/threatpost.com\/cloudflare-bug-leaks-sensitive-data\/123891\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Threatpost\u2019s Mike Mimoso quoted one of the affected sites<\/a>:<\/p>\n<p>\u201cWe are currently investigating the issue reported with Cloudflare\u2019s service to understand how it impacts our users. We encourage anyone who believes they have an issue to notify our team at security@fitbit.com. Concerned users can change their account password, followed by logging out and in to the mobile application with the new password. 
We recommend that users avoid reusing passwords associated with their email address or any other accounts, as this practice leaves them more vulnerable to malicious behavior.\u201d<\/p>\n<p>According to Robert Hansen, posting at OutsideIntel, the vulnerability potentially affects <a href=\"https:\/\/www.outsideintel.com\/cloudflares-cloudbleed-surface-area\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">more than 5 million sites<\/a>, including such popular sites as FitBit and OkCupid. The bug was active from February 13 to February 18. During that period, one in every 3.3 million HTTP requests made through Cloudflare may have leaked data.<\/p>\n<p>What does that mean for you?<\/p>\n<p>Well, if you use any of the sites on the list <a href=\"http:\/\/gizmodo.com\/cloudbleed-password-memory-leak-cloudflare-1792709635\" target=\"_blank\" rel=\"noopener nofollow\">published by Gizmodo<\/a>, you should probably change your password for safety\u2019s sake. Overall, this is still an evolving story, so stay tuned to our friends over at Threatpost for the latest news.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>What you need to know about 
Cloudbleed<\/p>\n","protected":false},"author":636,"featured_media":8441,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1622,2026],"tags":[97],"class_list":{"0":"post-8440","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"category-threats","9":"tag-security-2"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cloudbleed-5-million-sites-impacted\/8440\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/security-2\/","name":"security"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/8440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/636"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=8440"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/8440\/revisions"}],"predecessor-version":[{"id":17563,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/8440\/revisions\/17563"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/8441"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=8440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=8440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=8440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true
}]}}