The San Francisco-based company Cloudflare, which is a cloud-based web hosting service, has been discovered to have a small – but significant – bug in some of its code that caused private, confidential user data to be dumped in publicly-viewable webpages’ metadata as plaintext – basically, something anyone could read if they knew how to use some simple browser tools. This security flaw would inadvertently send random data from the last request to Cloudflare’s servers to the page being displayed by the user’s browser if they visited websites hosted by Cloudflare, which include the likes of Uber, and sent information including encryption keys, passwords, cookies, and other information.
Once again, this incident outlines the potential risks of outsourcing a large part of your infrastructure to a third-party organization, and while some of these issues may be inevitable – in this case a small line of code in an undoubtedly large and complex piece of software, when you outsource, you lose some element of control. As a result, data you and your customers value may be at risk – unbeknownst to them, you, or even your service provider – in this case, Cloudflare.
In this case, the issue was a server-side issue; meaning that it was an issue with a protocol being run by the datacenter itself, which resulted in the exposure of the data of thousands of people. Even so, personal data security and assurance are paramount, and it’s important to always monitor your financial and personal information regularly, as well as taking the commonsense approach of not using the same e-mail and password over multiple sites, which could make the impact of a simple data breach exponentially worse.
When more of your personal information is on servers throughout the world than is in your filing cabinet, you are your best advocate, and if you keep track of your information, you have will have recourse.
- Wonga Data Breach: 250,000 UK and 25,000 Poland Clients Affected - April 12, 2017
- ABTA Data Breach – 43,000 Users Impacted - March 16, 2017
- 2014 Yahoo Data Breach Suspects Charged, Ties to Russia - March 16, 2017