Cloudflare, the internet giant that provides the most advanced DDoS protection, web application firewall, enterprise-class security and lightning-fast global content delivery network solutions or CDN had been a victim of Cloudbleed, a major Cloudflare bug nicknamed Cloudbleed leaked sensitive data- including passwords and authentication tokens from customer websites, by sending extra data in response to web requests, creating a buffer-overflow through the Cloudflare Edge servers.
According to Cloudflare’s official statement,
Having said, currently 3400 websites are reported to have been affected by Cloudbleed bug.
Change.org, a famous online petition website is sending emails to its registered petitioners encouraging them to change their account password on the website. The email came days after Tavis Ormandy of Project Zero, Google Security Analyst exposed Cloudbleed bug that seems to have leaked sensitive information of website that use Cloudflare’s DNS.
The email states that Change.org has received notification from CloudFlare about a security issue that may have exposed the personal information of some users who utilize their services. Although there is no evidence that Change.org has been directly affected by this issue, yet for users security, it is advisable to change their password.
Here’s the Preview of the email stating the customer to change their passwords-
We wanted to share some information we received recently from Cloudflare, a popular web services provider that we use at Change.org, about a security issue that may have exposed the personal information of some users who utilize their services. We have received confirmation from Cloudflare that there is no evidence that Change.org has been directly affected by this issue. However, when issues like this occur, it’s always a good idea to change your password to provide an extra level of security, which you can do at the link below: We want you to feel safe when using our services and we have been monitoring this situation closely to ensure it does not affect our users. If you are ever in doubt about the security of your accounts with us, feel free to contact Change.org directly through our Help Center. The Change.org Team.
Let us know in the comments below, if you’re a Cloudflare customer and what are the measures you’ve taken further over Cloudbleed issue!