February 28, 2017 By Mark Samuels 2 min read

Customer data could be at risk after a bug at content delivery specialist Cloudflare spilled private information from its clients online. The bug, which was caused by a memory link in a broken HTML parser chain, was discovered accidentally by Google security specialist Tavis Ormandy. It was fixed quickly, but there are fears the problem could have led to information leaks.

Any leak presents a significant risk to businesses integrity, but it also provides a useful reminder on the importance of security best practice. Experts suggested IT managers should reflect on the news and respond proactively to keep their organizations safe.

Leak Threatens Customer Data

According to the Cloudflare blog, Ormandy contacted the firm after seeing corrupted webpages returned by HTTP requests run through Cloudflare.

The problem arose because Cloudflare’s edge servers were running past the end of a buffer and returning memory that contained private information, such as HTTP cookies and authentication tokens. The impact of the incident was increased by the fact that some leaked customer data had been cached by search engines.

Cloudfare CTO John Graham-Cumming said the greatest period of impact was between Feb. 13 and 18, when about 1 in every 3,300,000 HTTP Cloudflare requests led to memory leakage. He estimated that the leakage represented roughly 0.00003 percent of all requests.

Cloudfare’s Response

The bug may have been leaking customer data to the web for months. Ormandy reported on Chromium that he discovered a broad range of personal information, including private messages from dating sites, full messages from chat services and online password manager data.

Once alerted, Cloudflare took quick reactive steps to fix the leak. The firm turned off features that used the HTML parser chain that caused the bug. And in more good news, the SSL private keys of customers were not leaked.

Cloudflare has worked with search engines around the world to remove leaked information from cached pages. However, the long-term effects of the leak are difficult to judge. Cloudflare clients, which include e-commerce sites, government organizations and finance firms, could face pressure to talk about the extent of their exposure, noted InfoWorld.

How Should IT Managers React?

Ormandy praised Cloudflare for its rapid response to the issue. However, IT managers and end users should be aware of the potential risk of exposure. They should consider proactive action immediately before the consequences of the leak become apparent.

Infosecurity Magazine quoted SkyHigh Networks CTO Kaushik Narayan, who suggested that the Cloudflare incident is a timely reminder to IT managers about the importance of secure passwords. Narayan’s research estimated 99.7 percent of companies have at least one employee who has used a potentially vulnerable application.

Security specialist Shuman Ghosemajumder suggested to Infosecurity Magazine that almost any password on more than 4 million websites could have been compromised because of the Cloudflare incident. The safest action, as laborious as it might seem, is to act as if a compromise has taken place and to change all account passwords immediately.

More from

CISA hit by hackers, key systems taken offline

3 min read - The Cybersecurity and Infrastructure Security Agency (CISA) — responsible for cybersecurity and infrastructure protection across all levels of the United States government — has been hacked.“About a month ago, CISA identified activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses,” a CISA spokesperson announced.In late February, CISA had already issued a warning that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Ivanti Connect Secure is a widely deployed…

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today