Hopefully, last Thursday, you weren’t hiding under a rock, because a major news story broke about a serious internet security threat. Dubbed “Cloudbleed,” experts deem it to be as huge as the 2014 Heartbleed bug. Cloudbleed is so named because it originates from Cloudflare, the security company behind some of the largest websites on the net: Uber, Fitbit, Medium and Yelp, for starters (full list here).
The good news? Once it was found, it was patched pretty quickly, and experts believe it may not have been widely exploited while it was out in the wild. The bad news? This leak may have been going on from as early as September 2016. How much user information is now online is debatable, and experts aren’t even agreeing on whether or not you should change your passwords (our take? Yeah, you should; it can’t hurt).
- CloudBleed: Should You Reset Your Passwords? [Fortune] “And while Google is reportedly working to scrub its own archives, the data will likely continue floating around in a variety of other public and private caches. That, plus the huge scope and scale of the problem, means that security-conscious web users should reset their passwords—all of them.”
- What You Need to Know About Cloudbleed [Select/All] “Do you have to, as Gizmodo put it, ‘Change Your Passwords. Now’? Not necessarily. Much of that hand-wringing comes from an enormous list of sites that use Cloudflare, whose author admits, “just because a domain is on the list does not mean the site is compromised, and sites may be compromised that do not appear on this list.”
- Why you shouldn’t freak out (yet) about the ‘Cloudbleed’ security leak [CNN Tech] “Caution is warranted, though. Ryan Lackey, a security entrepreneur who formerly worked at Cloudflare, said since people can’t be certain what information, if any, was affected, they may want to change their passwords.”
- Massive Bug May Have Leaked User Data From Millions of Sites. So … Change Your Passwords [Wired] “To mitigate whatever risk does remain, security researcher and former Cloudflare employee Ryan Lackey suggests changing every password for every online account, since the “Cloudbleed” leak could have exposed anything.”
From the Ohio Web Library:
- Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster (FARS News AgencyPoints of View Reference Center, EBSCOhost (accessed February 27, 2017)).
- Heartbleed Remains a Risk 2 Years After It Was Reported (Kerner, S. M. (2016). Heartbleed Remains a Risk 2 Years After It Was Reported. Eweek, 3.)
(Featured image from https://medium.com/@octal/cloudbleed-how-to-deal-with-it-150e907fd165#.f755e9sqp)
