Massive Cloudflare Bug May Have Been Leaking Uber, Fitbit and OKCupid Passwords for Months

Security researchers revealed a major software bug has been leaking the passwords of Fitbit, OKCupid, and Uber accounts for months. Cloudflare said on Friday there was no sign yet the leak had been exploited by hackers — but security experts have said there is no way the company could know this.

Cloudflare hosts 6 million websites.

Tavis Ormandy, a British researcher on Google’s Project Zero security team, wrote in a statement:

“I’ve informed Cloudflare what I’m working on. I’m finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We’re talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.”

According to Cloudflare’s post on the issue, data leaked between September 2016 and February 2017.

Cloudflare CTO John Graham-Cumming said the problem had been fixed quickly and most of the exposed data removed from the caches of search engines like Google.

“We’ve seen absolutely no evidence that this has been exploited,” he told Reuters by phone. “It’s very unlikely that someone has got this information.”


@Robinrazzi

