The internet company Cloudflare has indicated that for the period between September 22, 2016 and February 18, 2017 approximately 3,500 websites were vulnerable to interception of private data due to a data processing flaw. The vulnerability, known as “Cloudbleed”, has resulted in the potential exposure of user’s passwords and personally identifiable information. Up to this time, there is no direct indication that any of the potentially exposed data was accessed by hackers. Customers are advised to be vigilant of potential scam activities, as attackers are known to use media events to their advantage. eSentire’s security teams are monitoring this situation, further updates will be provided if feasible.
What we are doing about it
- eSentire is taking this issue seriously and we working closely with Cloudflare to verify if our website, or information of users who have visited, was affected.
- The eSentire Security Operations Center (SOC) and Threat Intelligence teams are closely monitoring any emerging threats resulting from the Cloudbleed exposure.
What you should do about it
- Be vigilant about potential phishing and social engineering attacks implying that your data has been exposed.
- Enquire with Cloudflare directly to confirm if your customers’ information was affected.
- Change your passwords for any services or websites potentially affected by Cloudbleed.
Customers should be aware that the Cloudbleed vulnerability only affected certain Cloudflare services. The official list of exposed websites has not been published yet. As per the Cloudflare statement, the greatest period of impact was likely from February 13 and February 18, 2017. During that period, around 0.00003% of HTTP requests processed through Cloudflare potentially resulted in random data leakage.
Depending on the sites accessed, the leaked information could include private messages from major dating sites, full messages from chat services, content from adult video sites, hotel bookings, online password manager credentials, and other types of sensitive data. Customers should be vigilant about any suspicious email communication imitating Cloudflare, and refrain from providing any information to unofficial enqueries or for the alleged purpose of validating the Cloudbleed exposure.