Here we go again. Right on the heels of the latest revelations from the Yahoo hack, another popular web company has been seriously compromised.
Cloudfare, a popular web performance and security company, is the newest addition. Over 5.5 million websites who use Cloudflare, including Fitbit, Uber, OkCupid, Medium, and Yelp, may have been compromised.
If you have or had accounts on Fitbit, Uber, OkCupid, Medium, or Yelp, you should probably change your passwords. In a blog postthe web performance and security company Cloudflare said it had fixed a critical bug discovered over the weekend that had been leaking sensitive information such as website passwords in plain text from September 2016 to February 2017.
What should you do?
1: Change your passwords and make them very strong. Consider using a password manager like LastPass to create a long, random string of characters for every online account.
2: Where possible – enable two-factor authentication. Two-factor authentication requires a code sent to your mobile phone, in addition to your password.
3: While you’re at it, add a PIN to your phone number account.
A dedicated Hacker can bypass two-factor authentication by providing your name and the last four digits of your social security number to your mobile carrier. Simply call the customer care number at your mobile provider/carrier to enable this feature.
There’s a list available of all the websites identified so far if you want to see if you might be at risk. See the link at the end of this article. There’s also a list of many potentially affected IOS apps as well.
Thanks to BuzzFeedNews for this very relevant information.
List of Websites available here: https://github.com/pirate/sites-using-cloudflare/blob/master/README.md
IOS Apps potentially affected: https://www.nowsecure.com/blog/2017/02/23/cloudflare-cloudbleed-bugs-impact-mobile-apps/
