TechViews News
Cyber criminals cause havoc by breaking into web services in attempts to steal personal data. They can use various hacking methods with names like brute force, social engineering, zero-day exploits, and software exploits and hacks.
But what if a simple typo could inadvertently leak out data without hacker intervention?
A coding error in a popular web hosting company’s programming was discovered to cause thousands of websites to leak sensitive data including passwords, encryption keys and cookies for months.
Affected sites include services like Yelp, OKCupid, Uber, Fitbit, Patreon, Fiverr, Forbes, and many others.
Cloudflare, whose service is used by more than 5.5 million websites, admitted that there was indeed a serious memory leak that may have contained sensitive information.
Google’s Project Zero researcher and bug hunter Tavis Ormandy spotted the issue on February 18th and promptly informed Cloudflare about it.
The Cloudflare leak was apparently caused by a single typo. The vulnerability arises from the use of the character ‘>’ rather than ‘=’ in Cloudflare’s software source code, and it affects websites using that software.
It is thought that the data leakage may have been going on since as far back as September 22, 2016. To make matters worse, leaked sensitive data may have been cached by search engines, which made this bug even more serious.
Here’s a list of some of the notable sites affected by “Cloudbleed”:
- curse.com (and some other Curse sites like minecraftforum.net)
Since the sensitive data has been potentially exposed for months and was cached publicly in search engines, it is wise to change your passwords if you are using any of the affected Cloudflare sites.
Be Safe – Backup Your Data Regularly!