Uber, Fitbit and OKCupid User Data Exposed After Major Cloudflare Breach
A software bug at Cloudflare has resulted in user data being exposed from 3,400 websites and apps, including Uber, Fitbit and OkCupid. The company said it is possible that usernames, passwords and other information could now be exposed on the Internet.
Cloudflare, which provides content delivery, DNS and DDoS attack protection services, said user data may have been unencrypted on a number of websites due to a bug in the system. This software bug exposed HTTP cookies, authentication tokens, login information and more. The company first noted the issue when updating software two weeks ago.
“Unfortunately, it was the ancient piece of software that contained a latent security problem and that problem only showed up as we were in the process of migrating away from it,” Cloudflare stated in a blog post.
The COO of Cloudfare, John Graham-Cumming, seems unconcerned about the breach and said there is no evidence that any of the exposed information has been used maliciously. He told the BBC he will not change any of his passwords, as “the probability that somebody saw something is so low it’s not something I am concerned about.”
Cloudflare has four million clients worldwide, including shopping sites, banks and governments.