Security researchers from Google’s Project Zero have uncovered a critical bug in Cloudflare which allowed sensitive data — like passwords, cookies and encryption keys — from many hosted websites to leak online. Security researchers from Google’s Project Zero have uncovered a critical bug…
Security researchers from Google’s Project Zero have uncovered a critical bug in Cloudflare which allowed sensitive data — like passwords, cookies and encryption keys — from many hosted websites to leak online.
Patreon, Y Combinator, Medium, 4chan, Yelp, OKCupid, Zendesk, Uber and 23and Me are among the most-important affected websites. This security issue is so important that it is now being referred to as cloudbleed.
The bug, which was discovered on February 17 according to Project Zero’s Tavis Ormandy and is now fixed, has caused the most damage between February 13 and February 18, according to Cloudflare, when about one in every 3,300,000 HTTP requests caused data to leak.
