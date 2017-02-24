The company that serves web pages for many popular sites including Uber and Yelp has been inadvertently leaking some private user information since last September.
Cloudflare, which provides a host of services to websites including security, technology to boost performance speed, and traffic analytics, discovered last week the company’s servers had a security problem. Google’s Project Zero, which looks for security vulnerabilities, informed Cloudflare of the issue last Friday.
“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines,” Cloudflare said in an post on its website. “We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.”
The company said most of the information released became viewable last week between Feb. 13 and Feb. 18, when 1 in every 3.3 million HTTP requests leaked memory. (When you visit a website, your browser makes an HTTP request to load the page.) According to Cloudflare, that means about .00003 percent of requests could have leaked personal information.
Other popular sites that use Cloudflare and could have had data compromised include dating website OKCupid and Medium, a blogging platform.
The company said it had previously spent hours ensuring its technology wouldn’t be a security risk, but the problem actually stemmed from and old piece of software that contained “a latent security problem” that only showed up when Cloudlfare was moving away from using it.
Cloudlfare has not produced an official list of impacted domains, but a list of the sites that use its DNS service can be found here. A site’s inclusion on the list does not mean it has been compromised, but it is best to change passwords as a precautionary measure.
Comments