Internet-service giant Cloudflare recently revealed that a bug infiltrated their system causing sensitive user data to be leaked across the internet.
The firm is one of the largest internet infrastructure companies globally and provides millions of websites with a wide-range of performance and cyber security services.
The latest online issue has raised the bold question of whether internet-based or cloud shared information is ever totally secure.
According to wired.com, the platform had been leaking delicate information since September 2016 and was uncovered by Google vulnerability researcher Tavis Ormandy in February 2017.
Big names including FitBit, OKCupid and Uber were exposed to the bug, along with more than six million users, where randomly extracted data was spread over the web.
Cloudflare insists that only 3,000 of its customers were affected by the bug and only those who have certain HTML and settings on their websites were infected.
The way the data was disseminated was by the bug randomly exposing sensitive information such as passwords and other personal details into the coding of other websites.
Luckily for Cloudflare, their system only posted the information onto low-key websites, and would have been hard to find within the coding unless you are a computer genius.
However, security experts say that the breach in one of the leading providers of security services for online platforms could be catastrophic for the US-based company.
In fact, this recent bug is of great concern because some of the leaked data included “sensitive cookies, login credentials, API keys, and other important authentication tokens, including some of Cloudflare’s own internal cryptography keys”. The data was also being recorded in caches by search engines like Google, Bing and other systems.
Some of the leaked data included “sensitive cookies, login credentials, API keys, and other important authentication tokens”
Reports suggest that there was an immediate “online treasure hunt” by hackers and identity thieves to find the leaked information. However, Cloudflare claim that they managed to fix the bug within just one hour and eliminated most traces of the leak within seven hours.
John Graham-Cumming, Cloudflare’s CTO, explained that the leak did not expose the transport layer security keys used in HTTPS encryption, but it does seem to have potentially compromised data protected in HTTPS connections.
According to medium.com, the best way to avoid any concern is to change every password for every online account or ones saved within your cloud that could be exposed to the internet.
This certainly does throw up the bold notion of whether internet-based infrastructures are ever completely safe from bugs or hacks. If one of the world’s leading online security firms can leak sensitive information when they are paid to protect others, then surely any online source is penetrable.
Cloudflare are now offering an even “stronger and more resourced security protection than before”, so let’s see if that does the trick in protecting millions of websites from security breaches.