It’s a good time to take a few minutes and reset some passwords.
Cloudflare, which provides web security and performance boosts to millions of websites including Fitbit, OkCupid, Uber, and Yelp, has been leaking user data since September 2016, the company announced on Thursday. The leak meant that login credentials, cookies that track users around the web, and keys that grant developers access to online tools had been unknowingly injected into the code of smaller websites. The bug is being called CloudBleed, and while it’s been fixed by Cloudflare, some like Google are still struggling to thwart the leaked data on their sites.
Cloudflare says that only 1 in 3.3 million requests to websites exposed data, but that’s still a formidable number at the scale of the internet.
Am I affected?
Over on GitHub, user Pirate put together a list of sites that use Cloudflare’s services. This is a larger set of sites than those known to be leaking data, but it’s still probably worth changing your password if you see a site you use on the list.
You can also use the tool DoesItUseCloudflare to check on specific sites. And if you’re looking to invest a little time into your internet security to make it easier when the next security fiasco happens, try a password manager. (I use Dashlane and it works well.)