Home United States USA — IT Uber, Fitbit, OKCupid information exposed by wide-reaching flaw

Uber, Fitbit, OKCupid information exposed by wide-reaching flaw


Bug affecting 3,400 websites leaked data, including usernames, passwords and messages sent by end-users.
The login page for OKCupid.com. Web traffic sent over this website and more than 3,000 others was exposed due to a flaw in tool provided by cybersecurity company Cloudflare.
Usernames and passwords leaked onto the open internet earlier this month due to a security bug that affected 3,400 websites, including popular services like Uber, Fitbit and OKCupid, according to a disclosure Thursday by cybersecurity company Cloudflare.
You wouldn’t mind if someone could break into the personal accounts you use to track your movements, fitness and love life, would you?
While there’s no indication hackers actually accessed usernames and passwords, as well as a slew of other private information sent by users over the services, the information was exposed both on corrupted versions of the websites and in cached results on search services like Google and Bing.
“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines,” John Graham-Cumming, Cloudflare’s chief technical officer, wrote in a blog post detailing the flaw .
Google security researcher Tavis Ormandy identified the flaw on Friday. In his report about the bug, which also became public on Thursday, he said he found “private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings.

Continue reading...