Cloudbleed: Which Websites Are Affected By The Cloudflare Bug?

Last week we found out about Cloudbleed, a bug in Cloudflare’s services that resulted in data leakage from a number of websites. Here’s a list of websites confirmed to have had data exposed.

Cloudflare hasn’t released a list of websites that have been affected by Cloudbleed, but programmer Dorian Marié (DoMa) has compiled a list of domains that have been confirmed to have experienced data leakage due to the buffer overflow bug.

According to Marié, the list is based on caches from Google and DuckDuckGo along with comments from the Hacker News forum.

Here are a few domains on the list:

  • android-cdn-api.fitbit.com
  • cn-dc1.uber.com
  • secure.meetup.com
  • img.kpopmap.com

You can find the full list here over at Marié’s blog DoMa.io.

Over the weekend, various tools have been released to check whether a particular website/domain uses Cloudflare services, probably based on this list by ‘pirate’ on GitHub. However, it’s worth noting that just because a website appears on the GitHub list doesn’t mean it was affected by Cloudbleed.

As we’ve previously discussed, Cloudflare is used by over 5.5 million websites around the world but Cloudbleed only affected certain services. According to Cloudflare, “around 1 in every 3,300,000 HTTP requests through Cloudflare potentially [resulted] in memory leakage (that’s about 0.00003% of requests)”.

Having said that, any website that uses Cloudflare’s DNS could potentially be affected. The problem is we don’t really know the scale of just how many websites were impacted. We can’t downplay the security concerns Cloudflare has raised given the type of information that has leaked.

Full disclosure: Lifehacker Australia uses Cloudflare services but was unaffected by Cloudbleed. We actually received an email from Cloudflare confirming this.

According to Tavis Ormandy, the Google security researcher who discovered Cloudbleed: “I’m finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We’re talking full HTTPS requests, client IP addresses, full responses, cookies, passwords, [encryption] keys, data, everything.”

You can find more information about Cloudbleed and the steps you should take in response to it in our previous article.

Related: Cloudflare’s ‘Cloudbleed’ Bug Exposes Sensitive Data: Who Is Affected? (https://www.lifehacker.com.au/2017/02/cloudflare-cloudbleed-bug-exposes-sensitive-data-who-is-affected/)

CloudFlare, a content delivery network and web security provider used by millions of websites, has admitted that a severe security vulnerability has caused sensitive data to be exposed across a number of different websites. It has been dubbed Cloudbleed and is said to be worse than Heartbleed, a similar bug from 2014. What exactly is Cloudbleed and how could you be affected by it? Let’s find out.

[DoMA via Slashgear]
