What We Do
How We Do
Resources
Company
Partners
Get Started
Security advisories

Cloudbleed Vulnerability Alert

February 26, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

The internet company Cloudflare has indicated that for the period between September 22, 2016 and February 18, 2017 approximately 3,500 websites were vulnerable to interception of private data due to a data processing flaw. The vulnerability, known as “Cloudbleed”, has resulted in the potential exposure of user’s passwords and personally identifiable information. Up to this time, there is no direct indication that any of the potentially exposed data was accessed by hackers. Customers are advised to be vigilant of potential scam activities, as attackers are known to use media events to their advantage. eSentire’s security teams are monitoring this situation, further updates will be provided if feasible.

What we are doing about it

What you should do about it

Additional Details

Customers should be aware that the Cloudbleed vulnerability only affected certain Cloudflare services. The official list of exposed websites has not been published yet. As per the Cloudflare statement, the greatest period of impact was likely from February 13 and February 18, 2017. During that period, around 0.00003% of HTTP requests processed through Cloudflare potentially resulted in random data leakage.

Depending on the sites accessed, the leaked information could include private messages from major dating sites, full messages from chat services, content from adult video sites, hotel bookings, online password manager credentials, and other types of sensitive data. Customers should be vigilant about any suspicious email communication imitating Cloudflare, and refrain from providing any information to unofficial enqueries or for the alleged purpose of validating the Cloudbleed exposure.

View Most Recent Advisories