Quantifying the Impact of "Cloudbleed"
Cloudflare, a web infrastructure company, experienced a serious bug in its parser that caused data flowing through its network to be leaked onto the internet. The bug, dubbed "Cloudbleed," was patched within hours of being discovered but had potential for massive impact due to the scale of Cloudflare's operations. An analysis of log data revealed no evidence of malicious exploitation before patching and that most customers experienced no data leaks. Passwords, credit card numbers, or health records were not found in any instances of leaked data from search engine caches. The company is working to expunge all leaked data from third-party caches and has undertaken a full review of its code for potential vulnerabilities.
Company
Cloudflare
Date published
March 1, 2017
Author(s)
Matthew Prince
Word count
3893
Language
English
Hacker News points
287