Cloudflare, a company that hosts and provides services for millions of websites and cloud-based software applications, announced that user data from over 3400 websites has been leaked and cached by search engines.
What does this Cloudflare security breach mean to me?
You may not have a business account with Cloudflare, but as a consumer, you are likely impacted, as there are 4,287,625 possibly affected domains!
From September 2016 to Feb 2017, thousands of passwords, private messages, API keys and other data may have been sent to random requestors – and may have been discoverable in search engines. There is no evidence that this data has been deliberately exploited, but there is no way to know.
What should I do?
You should immediately:
- Change ALL of your passwords, especially those on the impacted sites
- Make sure you have 2-factor authentication setup for all important accounts
- Rotate your API keys & secrets
Where can I learn more about this security breach?
Here is a list of several good articles if you’d like to learn more:
Your small business security is only as strong as your weakest password. If you need assistance with data security or have questions about this incident, please contact us.
Frequently asked questions
What security does Cloudflare have?
Cloudflare has zero trust security.
Does Cloudflare leak data?
In 2016-2017 there was a major bug that caused a leak in sensitive data from Cloudflare. Their security hasn’t experienced a breach since.