Cloudbleed: What you need to know
As you might have heard, Cloudflare, a security & network service provider, recently notified users about a major bug in their system that compromised user data. Since the announcement, the bug has been fully patched. However, as the technology landscape is constantly changing it is important to understand the severity of this bug and take the necessary steps to proactively prepare for when the next issue occurs.
What happened? If you don’t care much about the technical details, here’s the simple version: a bug was found in Cloudflare’s website that caused data flowing through their network to be leaked onto the internet. Dubbed “Cloudbleed” in reference to the notorious “heartbleed” breach in 2014, the leak stems from a bug found in their code. Millions of companies user info was compromised.
How does it affect me? There are a large number of Cloudflare’s services and websites that use parsing HTML pages and modify them through Cloudflare’s Edge Servers. Even if you don’t use Cloudflare directly, there is a chance that websites you visit and web services you use may have been affected. While CloudFlare’s service rapidly patched the bug and have communicated that the actual impact is relatively minor, data was leaking constantly before this — for months.
What should I do now? At this point, the most effective thing you can do is to update your passwords as soon as possible. We strongly encourage you to use strong, unique passwords on each and every one of your accounts to prevent a hacker from accessing multiple accounts if one is compromised. We also recommend resetting two-factor authentication tokens for accounts where it’s enabled, since 2FA codes may have been compromised. If you haven’t enabled 2FA yet, make sure you do so for all of your accounts whenever it’s available.
In conclusion, updating your passwords may seem like a mountain of a task, but the costs of not doing so leaves much more at stake. Worksighted is here to help you make security simple and your top priority. If you have any questions, please feel free to reach out to your dedicated Client Success Manager at any time.