Cloudbleed security report – change your passwords!

You may have heard of the Cloudbleed vulnerability in the news recently: here’s our take, our advice, and what you need to know.

There is an internet firm called CloudFlare that provides a variety of services to most of the Internet, and among these services is acceleration proxy. What this does is keep several copies of a website in different time zones and areas around the globe to accelerate load times. For instance, if you’re on the USA’s west coast and you browse to a website with servers on the East Coast, CloudFlare will direct you to their West Coast copy instead of waiting for your computer to make it to the East Coast and back, therefore decreasing load times.

Due to one letter being off in CloudFlare’s code, their cache started overflowing into unencrypted space. Data like passwords, 2FA tokens, images, data, credit card data, banking information, emails, pretty much everything may have been leaked into plain sight where a hacker could theoretically get to it.

Here’s what you should do in light of this:

  • Change your passwords. This is a safety precaution to make sure that no bad guys are getting into your accounts.
  • Keep an eye on your bank statement and notifications from your bank. It’s not necessary at the moment to cancel your credit cards or change your bank account numbers, but the second you see a transaction out of place you should inform the bank and take their advice on securing your accounts.

That’s about it. The vulnerability was patched earlier this morning, so you are not at risk moving forward. We also have not heard of any hacker actually taking advantage of this situation. But just to be safe, change your passwords!

Thanks for your patience, and feel free to contact us with any questions or concerns: we’ll be happy to inform you more.

Nico Cropp

Benevolent Overlord


Further reading from other news sources: