Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended [U]

HACKINTOSH.ORG | Macintosh discussion forums > Macintosh News > iPhone/iPod/iPad News (Moderator: HCK) > Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended [U]

Pages: [1] Go Down

« previous next »

Author

Topic: Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended [U] (Read 350 times)

HCK

Global Moderator
Hero Member

Posts: 79425

Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended [U]

« on: February 26, 2017, 04:05:22 pm »

Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended

<div class="feat-image">

</div>
<p>Update 1: See list of sites below.</p>
<p>Update 2: We received a brief statement from Uber</p>

<p class="p1"><span class="s1">Very little Uber traffic goes through Cloudflare. Only a handful of tokens were involved and have since been changed. Passwords were not exposed.</span></p>

<p>Update 3: OKCupid has made a similar statement</p>
<p></p>
<p>Cloudflare alerted us last night of their bug and we’ve been looking into its impact on OkCupid members. Our initial investigation has revealed minimal, if any, exposure. If we determine that any of our users has been impacted we will promptly notify them and take action to protect them.</p>

<p></p>
<p>User data from 3,400 websites has been leaked and cached by search engines as a result of a bug in Cloudflare, a content delivery network. Sites affected over the course of several months include major ones like Uber, Fitbit and dating site OKCupid. 1Password also uses Cloudflare, but says that end-to-end encryption means that no customer data was exposed.</p>
<p><a href="https://arstechnica.com/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/" target="_blank">ArsTechnica[/url] reports that the leaks were spotted by Google security researcher Tavis Ormandy.</p>

<p class="p1"><span class="s1">We observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.</span></p>

<p>Cloudflare has admitted that the breach occurred, but Ormandy and other security researchers believe the company is underplaying the severity of the incident …</p>
<p> <a href="https://9to5mac.com/2017/02/24/cloudflare-server-breach-cloudbleed-uber-fitbit-okcupid/#more-469376" class="more-link">more…[/url]</p>
Filed under: <a href='https://9to5mac.com/category/apple/'>Apple[/url] <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gocomments/9to5mac.wordpress.com/469376/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/comments/9to5mac.wordpress.com/469376/" />[/url] <a rel="nofollow" href="http://feeds.wordpress.com/1.0/godelicious/9to5mac.wordpress.com/469376/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/delicious/9to5mac.wordpress.com/469376/" />[/url] <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gofacebook/9to5mac.wordpress.com/469376/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/facebook/9to5mac.wordpress.com/469376/" />[/url] <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gotwitter/9to5mac.wordpress.com/469376/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/twitter/9to5mac.wordpress.com/469376/" />[/url] <a rel="nofollow" href="http://feeds.wordpress.com/1.0/gostumble/9to5mac.wordpress.com/469376/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/stumble/9to5mac.wordpress.com/469376/" />[/url] <a rel="nofollow" href="http://feeds.wordpress.com/1.0/godigg/9to5mac.wordpress.com/469376/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/digg/9to5mac.wordpress.com/469376/" />[/url] <a rel="nofollow" href="http://feeds.wordpress.com/1.0/goreddit/9to5mac.wordpress.com/469376/"><img alt="" border="0" src="http://feeds.wordpress.com/1.0/reddit/9to5mac.wordpress.com/469376/" />[/url] <img alt="" border="0" src="https://pixel.wp.com/b.gif?host=9to5mac.com&blog=22754319&post=469376&subd=9to5mac&ref=&feed=1" width="1" height="1" /><img alt="" border="0" src="https://pixel.wp.com/b.gif?host=9to5mac.com&blog=22754319&post=469376&subd=9to5mac&ref=&feed=1" width="1" height="1" /><div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/9To5Mac-MacAllDay?i=3YsL9UlYcgk:Iy0vO4Geyfc:D7DqB2pKExk" border="0"></img>[/url]
</div><img src="http://feeds.feedburner.com/~r/9To5Mac-MacAllDay/~4/3YsL9UlYcgk" height="1" width="1" alt=""/>

Source: Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended


	Logged

Pages: [1] Go Up

« previous next »

Jump to: