24 Feb Massive Bug May Have Leaked User Data From Millions of Sites.
THE INTERNET INFRASTRUCTURE company Cloudflare, which provides a variety of performance and security services to millions of websites, revealed late Thursday that a bug had caused it to randomly leak potentially sensitive customer data across the internet.
The flaw was first uncovered by Google vulnerability researcher Tavis Ormandy on February 17, but could have been leaking data since as long ago as September 22. In certain conditions, Cloudflare’s platform inserted random data from any of its six million customers—including big names like Fitbit, Uber, and OKCupid—onto the website of a smaller subset of customers. In practice, it meant that a snippet of information about an Uber ride you took, or even your Uber password, could have ended up hidden away in the code of another site.
Read more from:Wired.com