Massive Cloudflare Bug May Have Been Leaking Uber, Fitbit and OKCupid Passwords for Months

Security researchers revealed a major software bug has been leaking the passwords of Fitbit, OKCupid, and Uber accounts for months. Cloudflare said on Friday there was no sign yet the leak had been exploited by hackers — but security experts have said there is no way the company could know this.

Cloudflare hosts 6 million websites.

Tavis Ormandy, a British researcher on Google’s Project Zero security team, wrote in a statement:

“I’ve informed Cloudflare what I’m working on. I’m finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We’re talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.”

According to Cloudflare’s post on the issue, data leaked between September 2016 and February 2017.

Cloudflare CTO John Graham-Cumming said the problem had been fixed quickly and most of the exposed data removed from the caches of search engines like Google.

“We’ve seen absolutely no evidence that this has been exploited,” he told Reuters by phone. “It’s very unlikely that someone has got this information.”




I am a digital content creator and have worked in the digital space for more than ten years. "Robinrazzi" is a nickname given by a former colleague because I'm known for having a camera in hand at all times. I have traveled the world covering entertainment events, celebrities and anything trending. I earned my BA in Communications from Penn State and an MS in Marketing from Johns Hopkins University. I currently serve as Director of Digital Content for WHUR and the Howard University Radio Network.
