We have seen recent incidents in which CloudFlare was reported to have lost client data; the company now blames an unspecified internal fault for all of these incidents.
According to John Graham-Cumming, the company’s CTO, about 1 in every 3.3 million requests that the company's servers handled between the 13th and 18th of February leaked in this way.
He added, “We think that an internal fault may have led to this memory leakage of a very tiny percentage of the data which we handle on our secure servers.”
Tavis Ormandy, a researcher, had pointed out earlier that the Cloudflare servers were leaking data, and that the leak was made worse by the fact that most common search engines were caching the leaked data.
Cloudflare have been leaking customer HTTPS sessions for months. Uber, 1Password, FitBit, OKCupid, etc. https://t.co/wjwE4M3Pbk
— Tavis Ormandy (@taviso) February 23, 2017
It has also come to notice that CloudFlare’s servers experienced a relatively common problem linked to memory leakage. The leakage of sensitive data such as HTTPS cookies, which occurred on these servers, is said to have affected some major global brands such as Lyft, Uber, OKCupid and others.
None of these companies has commented on the issue so far. CloudFlare, however, says that it has taken some necessary steps to address the situation immediately. The company was notified of the issue by Ormandy.
According to the company, its experts deactivated the Automatic HTTPS, Server-Side Excludes and email obfuscation features on its servers immediately after it had been notified of the fault. But in what may further complicate matters for the company, it is now emerging that it may not have taken the issue as seriously as it now states.
According to Ormandy, after he notified the cyber security experts at the company about the breach, he was referred to the infamous bug bounty program that the company runs.