Cloudflare Bleeds Sensitive Data All Over The Internet

Cloudflare Bleeds Sensitive Data All Over The Internet
A coding error led to chunks of potentially sensitive data ending up unsecured on different websites.

You'd better change your passwords. The internet has suffered another major data leak.

Today's victim is Cloudflare, a web security and data management company that runs a sizable chunk of the internet's infrastructure.

The trouble lies in how Cloudflare processed HTML pages, which required information to be stored temporarily in a buffer. A bug caused Cloudflare's buffer to overflow, and the extra data was dumped unsecured on other websites.

The Google researcher who reported the bug was able to grab chunks of sensitive info from companies like Uber, OKCupid and FitBit. He even gave the whole thing a name: Cloudbleed, after another famous bug.

Cloudflare says the bug only hit one out of every 3.3 million page requests during the biggest period of impact. It's hard to pin down what information was actually affected by the leak or whether anyone was able to exploit it. 

But given the potential types of data leaked and the range of companies potentially affected, it's probably better to play it safe and change your passwords.