If you’re on the internet as much as me, you’ve surely seen the CloudFlare leak, but, does it affect you? Do you need to reset your passwords? Read on.

What is CloudFlare

CloudFlare is a CDN, CDN standing for Content Delivery Network. I will explain it in words, but there is also a handy info graphic- so if you don’t feel like reading, scroll down a bit.

When you attempt to load a website, you are loading it from a server. The webmaster will have a server, or use a web hosting provider (this server is called the origin server).

Things that affect web-loading speed are (extremely simplified):

  • Speed of Origin Server (this can be negated with a CDN, will get onto that later)
  • Traffic on Origin Server (can also be negated by CDN)
  • Distance between you and the origin server (Can also be negated with a CDN!)

How does a CDN negate this? Here we go:

  • CDNs host the website,
  • It does this by caching, so it will download every few minutes or so, removing weight off the origin server
  • CDNs can detect where you are, and then calculate the closest server, so instead of connecting to a on the other side of the world, you are connecting to one in your own country.
  • CDN servers are also much, much faster than traditional servers.

Info graphic:

 

What caused the CloudFlare Leak

CloudFlare was returning memory, that contained customer data that should be private. This data could include (depending on the site) passwords, authentication tokens, HTTP post bodies.

Here comes the problem: Some of this data was being cached by search engines.

Google’s Project Zero told CloudFlare of this bug in secret (called responsible disclosure), instead of revealing it to the public. CloudFlare immediately solved this bug, then made a press statement, telling people what happened. CloudFlare don’t know how long this bug has been there for, so, they warned people that they should change their passwords.

 

Websites Effected by the CloudFlare Leak

We can’t get the exact list of all the sites affected by the CloudFlare Leak, but this is a list of all the websites that use CloudFlare (22mb size .txt), and this is a list of the companies who admitted they have been affected:

If a site you use is listed there, CHANGE YOUR PASSWORD.

 

Footnote

In technology, things like this happen, it is inevitable. With the constant growth of technology, there are bound to be mistakes and missteps. The least we can do is be prepared. Computerphile will explain this in a much simpler, and more detailed way, and if you wish to remain safe, use this site.

We need your questions. Hopefully this week we can do a Q&A were I take the most suggested questions and do my best to answer them. So, be sure to send us questions on Facebook and Twitter, and answers will be provided.

As per usual…

Follow us on Twitter, like us on Facebook and subscribe to our subreddit (reddit was affected by CloudFlare, but password reset is not needed). If you haven’t already subscribe to our newsletter by entering your email into the box on the homepage.

 

You may want to consider hiding yourself on Plex with a reliable VIP VPN service like IPVanish. If your ISP has caps on how much you can use the internet or if you live in an area where content is geo-blocked, a VPN can make you appear as if you are from anywhere in the world. IPVanish has some advantages of its competitors too:
Tier 1 hardware (no speed slowdown)
Log-free, so you can’t be tracked
7 day money back guarantee
The ability to be configured right at your router, for a hassle-free experience.

If you are interested in signing up, receive an automatic 25% off your first IPVanish bill by clicking here!