Major data breach exposed Uber, Fitbit & OkCupid info

In a later post, he found the issue to be even more severe: "I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings". "The Ragel code we wrote contained a bug that caused the pointer to jump over the end of the buffer and past the ability of an equality check to spot the buffer overrun", writes Graham-Cumming.

Still, it's an extremely important company for the infrastructure of the internet. Cloudflare's platform was reportedly inserting random data, such as passwords, from its websites into other websites, where it may ultimately have been cached by search engines.

Google's Tavis Ormandy posted several redacted examples of the leaked data online.

So what happened? The company explains that in order to modify the HTML of a page, it needs to read and parse the HTML to find elements that need changing, and for that it used a parser written using Ragel.
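The failure mode Graham-Cumming describes, an end-of-buffer test written as an equality check that the pointer can step over, is shown below as an added C example. It is not Cloudflare's code or Ragel output: the scanner, the function names and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: bytes [0, DOC_LEN) are the page being parsed; the rest
 * stands in for unrelated data that happens to sit next to it in memory. */
static const char ARENA[] = "<a href=" "SECRET-COOKIE-OF-ANOTHER-SITE";
#define DOC_LEN 8u /* strlen("<a href="): the page ends mid-attribute */

/* Toy scanner (hypothetical, not Ragel output). It copies input to out and,
 * on '=', skips the '=' and the quote it expects next (p += 2).
 * use_equality selects the end test: p == pe (buggy) or p >= pe (robust). */
static size_t scan(const char *buf, size_t len, size_t hard_limit,
                   int use_equality, char *out)
{
    const char *p = buf, *pe = buf + len, *limit = buf + hard_limit;
    size_t n = 0;
    while (p < limit) { /* hard stop keeps this demo inside ARENA */
        if (use_equality ? (p == pe) : (p >= pe))
            break;
        if (*p == '=') { p += 2; continue; } /* can step from pe-1 to pe+1 */
        out[n++] = *p++;
    }
    out[n] = '\0';
    return n;
}

/* Number of bytes emitted that did not come from the document itself. */
static size_t overread(int use_equality, char *out)
{
    size_t n = scan(ARENA, DOC_LEN, sizeof ARENA - 1, use_equality, out);
    size_t from_doc = DOC_LEN - 1; /* 7 bytes precede the trailing '=' */
    return n > from_doc ? n - from_doc : 0;
}

int main(void)
{
    char out[64];
    size_t extra = overread(0, out);
    printf("p >= pe: %zu extra bytes, output \"%s\"\n", extra, out);
    extra = overread(1, out);
    printf("p == pe: %zu extra bytes, output \"%s\"\n", extra, out);
    return 0;
}
```

With the equality test the pointer lands one byte past the end, never equals it, and the scanner keeps emitting neighbouring memory; the `>=` test stops at the same input.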

While it appears nobody has exploited the data, one of the largest difficulties for Cloudflare has been cleaning up the mess that was created. That all changed on February 13, when another system change widened the circumstances under which Cloudbleed could be triggered. All the identified cached data was then purged by the search engines.

Cloudflare says it's possible user names, passwords and other information made it onto the open internet. These are not things that should be publicly accessible, even through complicated technical maneuvering.

Among what Google observed was what Prince referred to as Cloudflare's "NSA key".

Going forward, Koons said businesses should take steps to secure their critical data and assets before they reach the Internet, comparing it to putting on a coat before leaving the house in the winter.

According to the timeline, Cloudflare shut down one of the capabilities that was at the root cause of the data leakage risk within 90 minutes of getting the vulnerability details from Google. The three services were shut down by Cloudflare after getting the Google report and have now been fixed and re-enabled.

"Some of that data had been cached by search engines", said Cloudflare. However, thanks to end-to-end encryption, no customer data of 1Password users was exposed. Cloudflare notified those customers, who, if they're competent, notified their users and mandated a password reset or similar security maneuver.

While the full extent of the breach remains unknown, and Cloudflare has not indicated what specific websites are affected for security reasons, the company was responsible for some 4.2 million domains across the web.

Mobile Nations uses some of Cloudflare's services.

As you can see, the list is absolutely massive. He added that his team has since begun testing Cloudflare's software for other potential problems. It admitted that the earliest date memory could have leaked was September 22, 2016.

Do you have to, as Gizmodo put it, "Change Your Passwords"?

Sites like and have lists of services that allow users to set up two-factor authorization.
