Cloudflare has experienced a data leak over a 5-month period that mixed sensitive data between websites and visitors. Some of the leaked data has been indexed by search engines, which have been working over the past few days to remove the data from their caches.

More Info: Cloudbleed bug: Everything you need to know

You can search here to see if sites and services you use are on Cloudflare, and there's also an unofficial listing of the more than 4 million sites that could be affected here.

What to do if you use Cloudflare on your Website?

  • WordPress: Change the salts in your wp-config.php. This will log everyone out and invalidate cookies and sessions.
  • Non-WordPress Sites: Invalidate Sessions
    If you use a different publishing platform, you will need to ensure that all sessions are invalidated (your site visitor login cookies need to be made invalid). Consult the documentation of your particular publishing platform to determine how to do this.
  • All Websites using Cloudflare: Suggest your site members change their passwords and change your Admin passwords
    • You may need to comply with any data breach reporting requirements you have
    • If you have HIPAA, PCI or other reporting requirements that relate to data breaches, you may want to get advice on whether you are required to report this incident.
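
For the WordPress step above, the following Python is an added example, not part of the original advisory or of WordPress itself. It replaces the values of the eight salt constants in the text of a wp-config.php file and refuses to do a partial rotation; the function names and the sample configuration are constructed for illustration.

```python
import re
import secrets
import string

# The eight secret constants WordPress reads from wp-config.php.
SALT_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")

# No quote or backslash, so a value is safe inside a single-quoted PHP string.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~ "

# Matches one whole line of the form: define( 'NAME', 'value' );
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*(['"])(?P<name>[A-Z_]+)\1\s*,\s*(['"]).*?\3\s*\);[ \t]*$""",
    re.MULTILINE)


def new_salt(length=64):
    """Return a random value drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Replace all eight salt values; return (new_text, names_replaced)."""
    replaced = []

    def swap(match):
        name = match.group("name")
        if name not in SALT_NAMES:
            return match.group(0)      # DB_NAME etc. stay untouched
        replaced.append(name)
        return f"define( '{name}', '{new_salt()}' );"

    new_text = DEFINE_RE.sub(swap, config_text)
    missing = [n for n in SALT_NAMES if n not in replaced]
    if missing:                        # refuse a partial rotation
        raise ValueError(f"salt constants not found: {missing}")
    return new_text, replaced


# Constructed sample input, not a real configuration file.
SAMPLE = "<?php\ndefine( 'DB_NAME', 'example_db' );\n" + "".join(
    f"define( '{n}', 'old-value-{i}' );\n" for i, n in enumerate(SALT_NAMES))

if __name__ == "__main__":
    text, names = rotate_salts(SAMPLE)
    print(text)
```

Back up wp-config.php before writing the returned text over it, and expect every logged-in user to be signed out once the new values are in place.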


Monday, February 27, 2017
