E&T news story: internet users urged to change passwords after Cloudbleed discovery
A cyber security news story from E&T online
Multiple high-profile apps including Uber and FitBit have been leaking customer data for months due to the Cloudbleed vulnerability discovered by Google researchers last week.
The bug in the source code of internet services company Cloudflare caused sensitive data to be cached by search engines, potentially allowing hackers to pose as legitimate customers. The compromised data includes private messages and authentication cookies.
'We've discovered (and purged) cached pages that contain private messages from well-known services, PII from major sites that use Cloudflare, and even plaintext API requests from a popular password manager that were sent over http,' said a cyber security researcher from Google’s Project Zero team. 'The examples we're finding are so bad, I cancelled some weekend plans to go into the office on Sunday to help build some tools to clean-up.'