Cloudflare is an Internet security company, which is used by more than 5.5 million websites in the globe. Cloudflare Servers acts as a security filter between the website servers and the website visitors, like a firewall. The Cloudflare servers affected by a bug code during the September 2016 which never comes to the notice of anyone until a twitter user notify it recently.
Good News is the bug was removed immediately within 1 hour by Cloudflare. Cloudflare released a detailed report regarding this issue. As of now, some people reporting totally 3438 websites data were leaked.
Bad News is the data leaked was indexed by search engines like google, bing. duckduckgo etc. It makes the hackers work more easier. Any one can access the leaked data from the search engines. It is also possible that the hackers who had known this data leak earlier may already collected lot of data from various websites. From February 13 to 18, there was a huge impact in this leak. During this time, vast amount of data were leaked.
Worst News is the data leaked could include cookies of the websites you have visited, passwords, any details that you have provided to those websites, authentication tokens etc. Most importantly the bank or card details may also have been leaked between September 2016 to February 2017. Many such sensitive details are cached by the search engines and listed in the results page.
What everyone should do now?
Immediately change the login password of every website where you gave sensitive and private information. The websites here includes forums, online stores, online service websites etc. People don’t need to check whether any website is using Cloudflare or not, as it is a popular service used by 5.5 million websites. Rather than checking any site is using Cloudflare or not, it is better start to change the passwords.
Previously, a major breach in Yahoo came to light last year. Today, it is a bug in Cloudflare. The security for our private information is getting worse every day that passes.