This story is over 5 years old.


What You Need to Do About the Massive Cloudflare Data Leak

Millions of websites may have been affected by Cloudbleed. Here’s what you should do to keep your accounts safe.

On Thursday, Google's Project Zero disclosed a serious security issue, now known as Cloudbleed, with popular internet infrastructure service Cloudflare. In short, Cloudflare-protected websites and services—including Uber, dating site OkCupid, and Fitbit—have inadvertently been leaking sensitive user data, potentially including passwords and private messages.

This isn't the fault of the sites themselves, but the way Cloudflare parsed HTML pages. The leaked data was then archived by search engines, as web pages and data are. Google and Cloudflare have worked to remove much of the exposed data, but some examples may remain.


So what do you actually need to do in light of this?

Check which sites use Cloudflare

Cloudflare is big. Really big. According to one very rough estimate, over 4 million domains use Cloudflare (although that includes ones that use other Cloudflare services, and not just the product that this security issue affected).

You can go through that list, and see which sites you've signed up to in the past. Notable sites include Coinbase, server company DigitalOcean, Patreon, 23andme, and so on. Or, you can check the website Just punch in some of the services you use.

If they do run Cloudflare, well…

See the rest of this article at MOTHERBOARD to find out.