Software bug scatters user data
A bug in the software of the web service provider Cloudflare built secret user data into other people's websites.
A software bug at the Internet provider Cloudflare accidentally scattered sensitive user data on the Internet. The platform incorporated the user data into the code of other websites under certain circumstances. The bug was active for over five months, but is now said to be fixed, according to Cloudflare. A particularly large amount of data was affected in the period between February 13 and 18.
It is particularly problematic that the affected pages were cached and indexed by search engines. It is therefore possible that private information is still publicly accessible on the net.
Websites that use Cloudflare's service include Fitbit, the cab service Uber, the password provider 1Password and the partner search site OKCupid. The bug only occurred with a certain HTML version and a certain combination of Cloudflare settings; theoretically, 3000 customers of the provider could be affected.
The gap was discovered by Google security expert Travis Ormandy.
Since it is unclear exactly which data is affected, experts recommend changing passwords for every online service. While the risk of being affected is not exactly great, the effects of the bug are unpredictable.