The year 2017 hasn’t turned out to be a great one for few information technology solutions providers. In the past few weeks, two major incidents have made the customers take a step back and reevaluate their contingency plans.
Online platforms experienced severe disruptions and tense days after two of the leading providers, Cloudflare and Amazon Web Services faced issues. The whole Cloudflare incident labelled as “Cloudbleed” was caused by a bug in the system which potentially compromised the privacy of a small group of users. According to certain reports, over 1.2 million users on over 3,400 websites including the likes of Uber and OKCupid were affected by the memory leak.
Cloudflare’s services are used by a majority of the cryptocurrency platforms. The possible leak of sensitive information including passwords, encryption keys, messages, IP addresses and HTTPs requests due to Cloudbleed has got them concerned. Many exchanges and cryptocurrency services have started sending emails to their customers, asking them to take precautions to prevent any unauthorized access to their accounts.
While Cloudflare continues to downplay the incident, claiming that there are no serious security concerns arising from the memory leak, industry experts aren’t so sure about it. The memory leak issue was discovered and reported by one of the Google Engineers, Tavis Ormandy. Upon receiving the information, Cloudflare managed to fix their edge servers affected by the bug.
The security notice issued by Netki — a Bitcoin wallet naming service to its users said,
“While Netki has no evidence of leaked customer information, due to the nature of the bug, we recommend as a precaution that you update your Netki security credentials.
* Update your password
* Update your two-factor authentication
Please visit the Netki Settings & Security website to update both of your security credentials.”
All alerts issued by cryptocurrency platforms have a similar tone, asking people change passwords, reset two-factor authentication and change the API keys.
An extensive list of websites potentially affected by the Cloudbleed bug is available at this link. Few tech publications have asked the users to change their login credentials irrespective off whether the websites/platforms they use avails Cloudflare’s services or not.