Lovers, drivers, foodies, and steppers – change your passwords.
A software bug discovered in CloudFlare, a popular web performance and security company, may have compromised the security of over 5 million websites, including Fitbit, Yelp, Uber, and OkCupid. Full list of sites compromised. So change your PASSWORDS!
The leakage was discovered by Google security engineer Tavis Ormandy while he worked on an unrelated project. As soon as he and his colleagues realized what the strange data they were seeing was, and where it was coming from, they alerted CloudFlare.
All of this happened on February 18th. Cloudflare assembled an incident response team and killed the feature that was causing most of the leakage within hours. A complete fix was in place by February 20th. The rest of the time, until the incident was publicly disclosed Thursday, was spent working with search engines to scrub the sensitive data from their caches.
What is CloudFlare?
You might not be familiar with CloudFlare itself, but the company’s technology is running on a lot of your favorite websites. CloudFlare describes itself as a “web performance and security company.” Originally an app for tracking down the source of spam, the company now offers a whole menu of products to websites, including performance-based services like content delivery services; reliability-focused offerings like domain name server (DNS) services; and security services like protection against direct denial of service (DDoS) attacks.
The struggle continues….
See this article about changing your password – NOW!