The good news and the bad news: Cloudflare, an internet infrastructure security and performance company providing its services to millions of websites, revealed on Thursday, February 23, 2017, that a bug in their system caused a memory leak.
The Good News About Cloudflare’s Cybersecurity Leak
While it may be hard to find anything positive about a cybersecurity leak from a company as large as Cloudflare who provides its security and performance services to about six million websites, there is a silver lining in this cloud. The leakage of information from the websites involved a bug in Cloudflare’s coding rather than a successful hacking of customer-sensitive information. Bits and pieces of information such including cookies, messages, passwords, personal info and more were divulged through the data leak found their way to search engines and websites.
In its announcement of the data leak on February 23, 2017, Cloudflare thanked Google’s Project Zero team for notifying Cloudflare of the issue once Google’s team became aware of it on February 17, 2017. The announcement detailed the corrective action Cloudflare took to fix the coding bug, explaining “we were completely finished globally in under 7 hours with an initial mitigation in 47 minutes.”
Some of the leaked data would be unusable to would-be criminals due to security protections in use by some of the sites using Cloudflare.
Cloudflare data leak potentially exposed trove of passwords, personal information for months | PBS NewsHour https://t.co/pwmscN5dZc
The Bad News About Cloudflare’s Cybersecurity Leak
It appears that the data leakage began to be an issue in September 2016, with Cloudflare determining that the period of greatest leakage occurred between February 13 through February 18, 2017, with one in every 3,300,000 HTTP requests through the company potentially leaking sensitive information.
To Change or Not Change Your Passwords, That Is the Question
While many cybersecurity experts are advising internet users to change their passwords in light of Cloudflare’s data leakage, not knowing what sensitive information may still be available in the public domain, Joseph Steinberg, a cybersecurity expert himself, has advised against it, unless Cloudflare itself, or one of the sites whose data was leaked, tells you to do so.
Steinberg likens the need for a password change due to the data leakage to the decision a homeowner would need to make if s/he left the house key in the door overnight: Do you change all your locks because there is a chance a criminal saw the key in the door and copied it or do you wait to find out that an undesirable person stole your house key?
Freelance writer of 15+ years who is passionate about writing. Liberal Arts and Social Sciences background. Avid reader.Thirty-plus years experience as a registered nurse. Have lived in various parts of the United States, including a recent seven-year stint in Oklahoma City and back home now in Ohio. Writes about U.S. News, Health and Politics for The Daily Voice News. Contact me at [email protected]