Uber, Fitbit and OKCupid User Data Exposed After Major Cloudflare Breach

February 28, 2017, Written By Lynn Oldshue

A software bug at Cloudflare has resulted in user data being exposed from 3,400 websites and apps, including Uber, Fitbit and OkCupid. The company said it is possible that usernames, passwords and other information could now be exposed on the Internet.

Cloudflare, which provides content delivery, DNS and DDoS attack protection services, said user data may have been unencrypted on a number of websites due to a bug in the system. This software bug exposed HTTP cookies, authentication tokens, login information and more. The company first noted the issue when updating software two weeks ago.

“Unfortunately, it was the ancient piece of software that contained a latent security problem and that problem only showed up as we were in the process of migrating away from it,” Cloudflare stated in a blog post.

The COO of Cloudfare, John Graham-Cumming, seems unconcerned about the breach and said there is no evidence that any of the exposed information has been used maliciously. He told the BBC he will not change any of his passwords, as “the probability that somebody saw something is so low it’s not something I am concerned about.”

Cloudflare has four million clients worldwide, including shopping sites, banks and governments.



The information contained within this article was accurate as of February 28, 2017. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About Lynn Oldshue

Lynn Oldshue has written personal finance stories for LowCards.com for twelve years. She majored in public relations at Mississippi State University.
View all posts by Lynn Oldshue