Cloudflare, a company that hosts and provides services for millions of websites and cloud-based software applications, announced that user data from over 3400 websites has been leaked and cached by search engines.
What does this Cloudflare security breach mean to me?
You may not have a business account with Cloudflare, but as a consumer, you are likely impacted, as there are 4,287,625 possibly affected domains!
From September 2016 to Feb 2017, thousands of passwords, private messages, API keys and other data may have been sent to random requestors – and may have been discoverable in search engines. There is no evidence that this data has been deliberately exploited, but there is no way to know.
What should I do?
You should immediately:
1. Change ALL OF YOUR PASSWORDS, especially those on the impacted sites.
2. Make sure you have 2-step authentication setup for all important accounts.
3. Rotate your API keys & secrets.
Where can I learn more about this security breach?
Here is a list of several good articles if you’d like to learn more:
- Cloudflare report on memory leak incident
- 9 to 5 Mac Article on Cloudflare Server Breach
- Technical Detail of Cloudflare Breach from Github
Your small business security is only as strong as your weakest password. If you need assistance with data security or have questions about this incident, please contact us.