A CloudFlare Bug Leaks Sensitive Data from Customers' Websites


CloudFlare Inc accidentally leaked sensitive information from its customers' websites for months. CloudFlare Inc is a multibillion-dollar startup company whose content delivery network serves more than 5.5 million sites. The company claimed that it has since fixed the problem at its core.

A bug in the company's software put thousands of web pages hosted by the company at risk. The bug resulted in the leaking of the encrypted personal data of the customers. CloudFlare Inc hosts as many as 6 million websites. It works by distributing these websites across the Internet, bringing them closer to their customers. It also reduces the websites' exposure to "Distributed Denial of Service" attacks that could take them offline.

The exposure of customer data is attributed to a bug in the company's software. As a result of this bug, chunks of unrelated data were sent to users' web browsers whenever they visited a web page hosted by CloudFlare Inc. The report came from researchers at Google.

CloudFlare's Chief Technology Officer (CTO), John Graham-Cumming, claimed that the bug had been fixed almost as it happened. Much of the exposed data has been removed from the caches of search engines such as Alphabet's Google. He also claimed that the company had no reports of customers' confidential information being exploited in any manner.

It is likely that the leak had been active since 22nd September 2016. The most affected period, however, began around 13th February and lasted until the leak was finally discovered on 18th February 2017. The leakage was at its height during the early part of this month. In that span, as many as 12,000 web pages were being leaked every day.


The confidential information that was leaked included private messages from major dating sites. It also included online password manager data, hotel bookings, and frames from adult video sites, as well as passwords, software keys, and cookies, as the Google researchers found. According to CloudFlare CTO Graham-Cumming, it is difficult to trace which of the 6 million websites have been affected. He said that CloudFlare has been working together with Google to remove any sensitive data from the store of web pages collected by search engines like Google. The search for the exposed information is not yet complete. The researchers are still looking for any sensitive data remaining in the store of web pages.

Some security researchers claim that the matter is much more serious than CloudFlare Inc has presented it. It is, therefore, a matter of concern whether the customers of CloudFlare will strive for stricter security measures or not. They might even change their passwords and authentication credentials in the process. Several security experts have already suggested that existing customers do so.

Sagar Pandit

