11th November 2006
People and organisations spend a lot of time and money on security solutions to protect their users data, so when the security solution is actually a security vulnerability, you're in deep trouble.
This is the case with a leak that has just been uncovered this morning, from security giant Cloudflare. Cloudflare - a CDN that has been ranked on Forbes Cloud 100 list - is a security solution used by a number of the biggest websites in the world, including Uber, 23andme, Patreon, Authy, and many more.
The leak in question originates from a bug that has been active since September 2016, and has resulted in passwords, private messages, and other sensitive data being leaked to random requesters. There's further information available on Github.
This is bad. Cloudflare is one of the most widely used networks out there, and it's used by websites that handle very sensitive data. Top 100 sites are currently assembling response teams to determine what - if any - information has been leaked. So far, it has been confirmed that Namecheap and 1Password are unaffected, along with Fastmail.