Cloudbleed is the result of an error in Cloudflare’s code that spilled millions of pieces of personal information, login credentials and cookies all over the internet. The bug was recently discovered by the internet security company (Cloudflare), and since then it has worked to minimize and contain the security risks. As it stands, it appears that hackers haven’t exploited this vulnerability, so there is still hope. Internet users just need to remain vigilant. Read on to find out what Cloudbleed can do and how internet users can stay safe in spite of it.
What is ‘Cloudbleed’?
It is a bug similar to, but less severe than, Heartbleed. It has compromised millions of websites and accounts. According to a discovery by Google security researcher Tavis Ormandy, Fitbit, Uber, OkCupid and several other Cloudflare-hosted websites were inadvertently leaking and saving customer information within the source code.
When someone visits an Uber page affected by the bug, he or she may find that the website code contains data and login credentials of another user who recently visited the page. Yes, the data may be hidden between several lines of code, but it can easily be found by a skilled hacker, although it may be difficult to exploit.
Since the Cloudbleed bug randomly picks up bits of information, some of which may not be sensitive, busy cybercriminals may find it a less lucrative point of attack. In the long run, however, a cybercriminal may be able to compile enough information to exploit, even though it does not seem to be a viable option for targeted attacks.
Cloudflare believes that the ‘Cloudbleed’ bug was present on over 6,4000 websites and was set off 1,240,00 times between September 22 and February 18. After the bug was discovered, the internet security company quickly alerted affected websites, fixed the code, removed cached pages from search engines, and monitored client websites for any strange activity.
Fitbit, Uber, OkCupid and other Cloudflare-hosted websites checked what data was leaked and reassured customers that the impact on their private information was minimal.
But is it minimal? Consider, for instance, what happens if the leaked information is medical: it poses a large healthcare IT risk. If a hospital’s medical records are hacked due to poor healthcare IT controls, patients’ data can be stolen and the files forwarded to unauthorized persons and sold. In the USA, for instance, over 6550,000 medical records have been stolen. The effect may not be immediate, but such important and personal information in the wrong hands can be used against you someday.
Is there any protective measure you can adopt? Of course there is. Although Cloudflare and other companies may want you to believe that the risk of Cloudbleed attacks and password leaks is low, it is still wise to make sure that your account is safe.
How? First of all, set a stronger password: use a combination of numbers, letters, special characters and symbols. For example, instead of using just ‘Manuelice’, you can use ‘Manuelice_2002@’, which is a stronger password. Secondly, make sure you use a unique password for every online service, especially those that use Cloudflare.
Thirdly, as much as possible, use two-factor verification to keep your account secure in case someone gets hold of your password.