Cloudflare has patched critical security flaws that could have allowed leaks of data from thousands of websites over a six-month period. Cloudflare and security researchers are still watching to see if any leaked data has been exploited.
A new type of data leak has come to light that could impact millions of people around the globe. Google Project Zero, the research effort to find and fix critical software security flaws, reported that a vulnerability on the Cloudflare security service could enable the leak of passwords and data. According to Cloudflare, the flaw could have allowed leaks of sensitive data from thousands of websites over a six-month period. This incident has been dubbed Cloudbleed by some people in the cyber-security community because the threat was potentially as serious as the “Heartbleed” OpenSSL cryptography flaw that was reported in 2014 which posed a serious security threat to thousands of websites.
