Attention required for CloudFlare users: 'CloudBleed' - A major security breach. What should you do?

Background

In the era of IoT, much emphasis is now given to a website's performance and security. CloudFlare is one of the fastest managed DNS providers and is the builder of next-generation Content Delivery Network (CDN). Through CDN's service offerings, cloud flare helps to set up your website in closer proximity to the visitors logging onto the website. Apart from easy access to the files, your website's performance is also enhanced efficiently. The visitor's frustration at the loading speed of the web page is largely prevented.

For example, when someone in Paris tries to access a US-hosted website, it is done through local servers nearest to the user. This is much faster than having the user's requests, and your responses, travel back & forth to the user's place and the physical server.

On Feb 2017, a major security bug, termed CloudBleed, was detected by the Google Project Zero Team. CloudBleed is a major vulnerability that potentially affects millions of websites, hampering the security of nearly 2 million websites. A massive security loophole happened that allowed the leaking of passwords and other sensitive information.

Information that has been leaked

When you see the address bar of the website, you can find the "http" at the beginning of the URL. But some of the web addresses begin with "https", which means the page is secured.

Service providers like 'CloudFlare' act as a middleman between users and servers to transfer information in a secured way. That secure information was unfortunately exposed, and the worst part is some information has been cached by search engines like Google, Yahoo, Bing, etc. Anything from usernames/passwords, sensitive information like images or any security protocols could have been exposed. As of now, there is no confirmation if the cached information was retrieved by hackers.

Action required from you

Though your information might not be completely accessed by hackers, we recommend you to change all your CMS admin and other passwords to protect your site.

For example, a website may have more than 1 administrator. As a precautionary step, it is a good idea to change the passwords for all administrators on the website, even for accounts protected by a 2-step authentication, since they could also be at risk.

How to find if 'CloudFlare' is installed

There are many browser add-ons that reveal various technologies used on a website. Builtwith, Wapplyzer are two of the most popularly used tools.

Checklists

After changing the password(s), check the following:

• Review all user accounts on the website. If any user is found to be spam, block & delete them immediately
• Website Audit - A deep analysis of the website which will reveal if any anomaly is present

Note: Passwords for mobile apps could have also been impacted, so we highly recommend changing them too.

Need help? Contact our experienced security team today for assistance with evaluating your site's security.