Cloudflare Bug Leak Puts Corporate Companies at Risk

Cloudflare Bug Puts Corporate Companies at Risk

  • Feb 24, 2017

A software bug at Cloudflare Inc. was disclosed Thursday, February 23. It is believed that this bug has affected company systems since September of last year, causing some of Cloudflare’s web servers to leak information that should have remained private, potentially including passwords and other types of authenticated data.

Before the fix, the bug was said to have affected about one in every 3.3 million web requests processed by its network. Cloudflare serves billions of pages each day, meaning the number of “leaky” pages could add up to nearly 120,000 per day, the company said.

Even worse, some pages were then copied automatically by search engines, making the private information viewable in cached versions of the page’s source code.

Cloudflare has said they have not found any evidence that the leaked data was misused, “Although it is a very scary thing to have private information exposed like this, we think it’s unlikely that someone actually spotted it and did something bad with it.” John Graham-Cumming, Cloudflare’s chief technology officer said in an interview with Wall Street Journal.

It wasn’t immediately clear how many companies were affected by the bug, but Cloudflare has over 5 million customers. Its clients include dating site OkCupid and AngileBits, Inc., maker of the 1Password security software.

The bug was discovered by a researcher at Google a week ago. Cloudflare said it is working with Google and other search-engine companies to remove any leaked data, most of which has been scrubbed by the time the news of the bug was released, Cloudflare said.

Featured

Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities