By now, you might have heard of Cloudbleed, the nasty data breach that a Google security researcher discovered last week in widely used internet security program Cloudfare. But what should you be doing about it?
The good news is that Cloudflare repaired the issue almost immediately. The bad news is there are a lot of sites potentially affected. Here's what you need to know about Cloudbleed, and how to protect your data.
A Security Company Suffers a Data Leak
Cloudflare is a self-described "web performance and security company," and its tech is running on a ton of popular websites. Which is where the problem begins. Essentially, an unnoticed bug in the company's code allowed sensitive information to be leaked across the internet.
Passwords, personal information, messages, cookies, and more are thought to have been vulnerable since last September. Cloudflare notes that over 1,000 domains could be affected, but a Github user found that over 4 million sites could be at risk.
Two-Factor Authentication Is Your Friend
Notable sites that could be affected include Uber, Fitbit, and Yelp, as well as Discord, CrunchyRoll, and Udemy. And there are many, many more. You can check this GitHub thread to see the list of sites possibly affected by the leak. Alternatively, you can also check Does it Use Cloudflare? to determine whether one of your favorite sites uses the tech.
However, regardless of whether or not you see your favorite sites on those lists, it's not a bad idea to go ahead and change your passwords. Yes, all of them. It's also a good idea to set up two-factor authentication or two-step verification on all the accounts you can as well, just in case.
Readers, how do you combat security leaks like Cloudbleed? Let us know in the comments below!