Cloudbleed Data Breach- What You Need To Know

March 08, 2017

Did you know that internet services you’ve never heard of can significantly impact your life?

That’s what happened in last week’s data leak from Cloudflare, a distributed computing technology service. The leak has been dubbed “Cloudbleed,” an homage to 2014’s “Heartbleed” leak.

Cloudbleed is less serious, but represents a threat to the security of millions of people. Here’s what you need to know to keep yourself safe.

Who’s affected?

Over seven million sites used Cloudflare, including fitness site Fitbit, dating site OkCupid, and review service Yelp. Perhaps the biggest danger was from password manager 1password, which may have revealed password information to other sites.
1password confirmed that only encrypted data had been released, minimizing the danger to its users.

The leak began in September 2016. If you’ve used one of these sites since then, your personal information may have been released. Once it becomes part of a website, it can then be stored by search engines. Yahoo, Google and Bing have collaborated to eliminate the storage of personal information, and Cloudflare has fixed the bug in its code.

While lots of data could have been affected, not much of it was. One in every 3.3 million web requests turned up unwanted data, and very little of that compromised data was password information. Still, it’s best to act as though your login information is compromised.

Data breach.



What do I need to do?

There are three steps every internet user should take now. First, change passwords and make them strong and unique passwords for each.

Second, keep an eye on your account statements. Most often, identity thieves will use information for illegal purchases or cash advances.

Third, where possible, enable two-factor authentication. Using it to log into your account from an unrecognized device, you’ll need both a password and a one-time code, usually sent to email or a cellphone. This stops thieves and notifies you that someone is trying to access your accounts.

Cloudbleed reminds us to be on guard while browsing. It also reinforces the ironclad rule of internet security: When in doubt, change your passwords!

In 7% of [breach] cases, the breach goes undiscovered for more than a year.
~2016 Data Breach Investigations Report from Verizon

Want more credit union information?
Subscribe to eNews