Big news today is the leaking of sensitive information by Internet giant Cloudflare over the past few months…
Cloudflare is a web security and content optimisation service used by thousands of websites. Among their customers are some well-known services such as ride-sharing service Uber, the ever-popular Fitbit, and dating site OKCupid. This is not a case of Cloudflare being hacked and sensitive information stolen, but rather a software bug that caused sensitive information to be exposed during normal use of websites hosted by them. While only a very, very small portion of content leaked, the exposure was substantial given the massive scale of Cloudflare’s operations. Now dubbed “Cloudbleed”, the scale of the problem is being equated to the Heartbleed bug in 2014.
Threatpost has a good write-up on the information leak at https://threatpost.com/cloudflare-bug-leaks-sensitive-data/123891
What you need to know, and what you should do:
- It is possible that your private information or passwords leaked out if you used a Cloudflare-hosted website in recent months. You would not even have been aware that Cloudflare was in the picture, so work on the assumption that it was indeed the case. It is possible that the bad guys could have obtained leaked personal information about you—there is no proof that this vulnerability has actually been exploited.
- If you are using the same password on multiple websites, then you are considerably more exposed to attack. The bad guys keep on building their password databases, and are getting better and better equipped to break in wherever they want.
- We recommend that you pause and change every single password. We strongly recommend you use a different password everywhere. No need for panic, but do this!
- We recommend that you use a password manager to keep track of all your many passwords. (Ironically, the 1Password password manager service could have been compromised by this very leak!) Here in our office, we like to use KeePass Password Safe. It stores your passwords on your computer in an encrypted database. You can get it here: http://keepass.info.
- Use anti-virus software on all your computers and mobile devices. Stay away from the free stuff—you do get what you pay for—and go for a reputable package such as Norton or McAfee.
Stay safe and out of trouble!