A bug found in the content delivery network Cloudflare has resulted in personal user data from 3,400 websites being leaked. Amongst the affected websites are well-known organisations such as Uber, Fitbit and the popular dating site OKCupid.
Cloudflare has acknowledged the breach and has attempted to reassure users that there is no evidence that the bug has been exploited.
Cloudflare blog post:
“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.”
However, the security research community believes this standpoint could be misleading and that the consequences of the breach could be far more severe. It is thought that, whilst the possibility of user passwords being exposed is low, the risk still remains.
The prevailing advice, if you suspect you are a user of an affected site, is to change your passwords just in case; why take the risk?