CloudBleed and You
You may have heard about a recent vulnerability that has affected Cloudflare, and therefore certain sites that use cloudflare services. Cloudflare is a “Content Delivery Network” or CDN, and is used to speed up websites by acting as a “cache” that sits between your web browser and the certain sites you may visit.
SpireTech does not use Cloudflare services, so none of our data or customer data would have been exposed. However, some customers that host websites with us use Cloudflare – typically this is setup and managed by your web developer. If you fall into that category, you should contact your site developer or SpireTech for advice, which would vary depending on the function of your website.
Despite this not affecting our data directly it may effect many of the sites you frequently visit. If you have accounts with Uber, Yelp, Fitbit, OKCupid, 4Chan, or sites listed at the end of this bulletin, it would be a good idea to go and change those passwords now. Odds that your specific passwords have been leaked are not high, because Cloudflare claims the data leak affected less than 0.00003% of all requests, but change them to be safe.
We aren’t freaking out about this data leak, but if you use the same password everywhere, maybe you should. This is a good example of a reason why using one password everywhere is a bad idea, because a leak in one place can expose all your data.
A complete list of sites that have been affected can be found HERE. If you would like more information about the technical aspects of the attack, ThreatPost wrote a good article about it located HERE. If you subscribe to SpireTech IT support or website hosting services, you can contact the helpdesk for more information on your specific situation.