About the recent CloudFlare vulnerability

Today we would like to tell you about a security breach that happened recently. Cloudflare revealed a serious bug in its software that caused sensitive data such as passwords, cookies and authentication tokens to leak from its customers’ websites, TechCrunch reports.

For those of you who are not familiar with CloudFlare, it's a company that provides a content delivery network, Internet security services, and distributed domain name server services, sitting between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

So what's the problem?
Basically, this security vulnerability allowed anyone to obtain personal data that is usually encrypted, and it impacted millions of websites (it's now fixed).

The bug occurred in an HTML parser that Cloudflare uses to increase website performance — it preps sites for distribution in Google’s publishing platform AMP and upgrades HTTP links to HTTPS. Three of Cloudflare’s features (email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites) were not properly implemented with the parser, causing random chunks of data to become exposed.

-TechCrunch

Is Adguard affected?
CloudFlare told us that: "Your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found".
So the emails and passwords you use for your Adguard account should be safe. Still, we highly recommend that you change your account password as a precaution!

UPD:
CloudFlare shared the following:

The summary is that, while the bug was very bad and had the potential to be much worse, based on our analysis so far:

  • We have found no evidence based on our logs that the bug was maliciously exploited before it was patched;
  • The vast majority of Cloudflare customers had no data leaked;
  • After a review of tens of thousands of pages of leaked data from search engine caches, we have found a large number of instances of leaked internal Cloudflare headers and customer cookies, but we have not found any instances of passwords, credit card numbers, or health records; and
  • Our review is ongoing.

Daria Magdik on Industry News
February 27, 2017