CloudBleed: What you need to know
Cloudflare, a popular internet intermediary service that provides performance and security for a host of other sites, has had a large data leak.
Dubbed "CloudBleed", it made potentially sensitive information available online, including from popular sites like OKCupid and Authy.
What happened with Cloudflare?
From the Cloudflare blog:
Last Friday, Tavis Ormandy from Google's Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare.
It turned out that in some unusual circumstances, which I'll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.
For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflar...
Source: CloudBleed: What you need to know