Cloudfare Leak: Here Are the Passwords You Should Change Immediately
If you have or had accounts on Fitbit, Uber, OkCupid, Medium, or Yelp, you should probably change your passwords. In a blog post published on Thursday, the web performance and security company Cloudflare said it had fixed a critical bug, discovered over the weekend, that had been leaking sensitive information such as website passwords in plain text from September 2016 to February 2017. Over 5.5 million websites use Cloudflare, including Fitbit, Uber, OkCupid, Medium, and Yelp.
Some website sessions accessed through HTTPS, a secure web protocol that encrypts data sent to and from a page, have been compromised as a result, and what makes the bug particularly serious is that some search engines (including Bing, Google, and DuckDuckGo) had cached, or saved, some of the leaked data for some time. This data isn’t easy for a nontechnical person to find, but for someone with knowledge of how to craft specific queries for affected websites’ leaked data on search engines, it was well within their reach.