Cloudflare Bug Leak May Have Revealed Thousands of Passwords For Months

You may want to change your passwords after Cloudflare reveals a problem with their coding may have leaked out private information to the public.

The bug could have released private customer information including passwords, cookies and other personal details from several major websites over the past few months.

Cloudflare, which manages 10% of all Internet traffic, helps companies and website by providing web performance and security tools. But, the Chicago Tribune reports personal information of customers tied to Cloudflare’s clients including Uber, FitBit, and OkCupid, have been affected by the bug.

Now called “Cloudbleed,” the Chicago Tribune reports that Cloudflare has been leaking customer’s information for several months.

Google security expert Tavis Ormandy discovered the leak after personal information was picked up by search engines.

Cloudflare did not reveal a list of the websites affected but, the company did say that it was not widespread incident.

In a statement, Cloudflare explained that the biggest leak took place between February 13th and February 18th affecting “1 in every 3,300,000 HTTP requests through Cloudflare.”

“Because of the seriousness of such a bug, a cross-functional team from software engineering, infosec and operations formed in San Francisco and London to fully understand the underlying cause, to understand the effect of the memory leakage, and to work with Google and other search engines to remove any cached HTTP responses,” Cloudflare explained in their statement.

The company asserts it is committed to fixing this issue. “Having a global team meant that, at 12-hour intervals, work was handed over between offices enabling staff to work on the problem 24 hours a day.”

The service added, “The team has worked continuously to ensure that this bug and its consequences are fully dealt with.”

Several search engines have attempted to removing user’s sensitive information affected by the leak. However, there is still some private details online.