Cloudflare Users, It’s Time to Change Passwords
A bug in content distributor Cloudflare’s code has been discovered by a Google engineer. The company maintains that the bug has not been exploited. However, users of the company’s services should take precautionary safety measures.
Who is Cloudflare?
Cloudflare is a US technology company that provides a content delivery network, internet security and distributed domain name services. They sit between the visitors and Cloudflare users’ host provider, and act as a reverse proxy.
The bug – Cloudbleed
The bug has been dubbed ‘Cloudbleed’ and according to Clouflare’s chief technical officer John Graham-Cumming when Cloudflare encountered a website with poorly constructed html code, data from other sites using their service would leak into those sites. The biggest impact from the bug took place from February 13 to the 18.
The problem has been fixed. However, users of the service are advised to verify that their websites are secure.
Website owners can use the online tool www.doesitusecloudflare.com to verify their site uses Cloudflare.
The best course of action to take if your site has been using Cloudflare services is to change the password. Also remember that simple passwords should not be used. Instead, follow standard password etiquette and use passwords with a combination of alphanumeric and symbols.
A secondary authentication method would also be advisable.