Change your passwords now! Believe that this is the best way to start warning you about what I’m about to tell you. In case you have not heard, Heartbleed 2.0 is here and it is called Cloudbleed. This is the latest vulnerability researchers uncovered within Cloudflare’s systems. According to Adam Clark Estes, a Gizmodo writer, Cloudflare is one of the world’s largest internet security companies and its clients list includes companies like Uber, OKCupid, 1Password, FitBit and so on. As the author suggests, do not try to find out the complete list of affected websites because it is safer to change all your passwords since it is something people should do regularly anyway.
It has been reported that Cloudflare’s backed websites had been leaking data for several months before the bug was noticed. it will take some time before the level of destruction caused by Cloudbleed is determined. In the meantime, Cloudflare finds itself in a race to rush and hunt down all data stored elsewhere before hackers find them. It will be interesting to learn the evolvement’s nature of Cloudbleed. Again, the best defense against this so far is to change your passwords and apply two-factor authentication wherever possible.
http://gizmodo.com/everything-you-need-to-know-about-cloudbleed-the-lates-1792710616
I feel like I need a full week off to change all of my passwords! Probably for the better though. There has been a major uptick in brute force password and account enumeration attacks using credentials obtained from breaches such as LinkedIn, Yahoo, etc. Probably a better time than ever to do a massive password update, especially to online banking and investment sites and online retail stores (e.g. Amazon).