Bug results in data leak by Cloudflare

Company says no sign of criminal activity

By Barry Eitel

SAN FRANCISCO (AA) – Internet services company Cloudflare revealed Friday a software glitch caused hundreds of thousands of webpages that utilize its hosting platform to leak encrypted personal data online.

The company said, however, there is no evidence hackers exploited the leak for criminal activity. Cloudflare is used by millions of websites to enhance cybersecurity and performance.

The bug was first noticed Feb. 17 by Tavis Ormandy of Google's Project Zero security initiative, but information may have been seeping onto the web since September 2016.

Cached data, including passwords, hotel bookings and private messages leaked from online dating services, were discovered stored on nondescript webpages linked to Cloudflare. Ormandy noticed the data was available to anyone using Google’s search engine.

Cloudflare declared that all the leaked data had been cleaned up and is no longer searchable via Google.

“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines,” Cloudflare’s Chief Technology Officer John Graham-Cumming wrote in an incident report about. “We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.”

The leakage was most significant between Feb. 13 and 18, just after Cloudflare rolled out a software update.

According to Graham-Cumming, one in every 3.3 million HTTP requests through Cloudflare may have resulted in leaked memory. HTTP requests are a type of web communication between networks that is essential for webpages to work.

That is about 0.00003 percent of all requests, but still a substantial figure considering Cloudflare hosts 6 million websites making a massive number of requests every minute.

Cloudflare’s cybersecurity team found 770 unique instances of leaked data through search engines including Google, Yahoo and Bing. The search engines assisted in purging the data.

Cloudflare also scoured platforms like Pastebin, a favorite for hackers posting leaked data, but it did not find any malicious use of the leaked information.

