Bitcoin users need to be well aware of the recent CloudFlare issue, as it affects quite a few different cryptocurrency-related services. Several companies issued warnings regarding “CloudBleed”, all of whom advise users to change their passwords. With so many exchanges relying on CloudFlare, this is another example of why centralization needs to be avoided.
CloudBleed Is A Serious Issue
To put the CloudBleed security issue into perspective, the scope of services affected by this data leak extends well beyond the bitcoin space. It is believed the data leak exposes thousands of passwords and other personal information for several months until it was discovered. Cloudflare managed nearly 10% of all web traffic, which makes it one of the “backbones” of the internet, so to speak. Unfortunately, this also means virtually every popular service is affected by this data leak.
Among the information being leaked to anyone who requested it are passwords, cookies, messages, and any other type of personal information one can think of. The bug was discovered in September of 2016, yet no further specific details were provided to us at this time. We do know the list of clients affected by CloudBleed is a lot larger than most people would think possible.
Security analysts at Google’s Project Zero noticed an overflow error that could leak sensitive information to search engines and other platforms scraping data from the internet. This opens up a treasure trove of financial information to hackers and other criminals looking to take advantage of it. It is unclear if any of this information was obtained by hackers, but it seems very plausible that is the case.
Cloudflare CEO Matthew Prince is confident the issue was fixed before someone could even take advantage of the flaw. That is a rather bold and positive statement, although it won’t necessarily put people’s minds at ease. Various bitcoin companies issued warnings to their users to change their password immediately, as that remains the best course of action. Moreover, any platform where the same password was used will need to have the credentials updated as well.
The list of affected bitcoin companies is rather long and includes virtually every platform most users ever come in contact with. Popular exchanges, such as Coinbase, BTC-E, QuadrigaCX, Kraken, Bitstamp, and Bitfinex, for example, are all using Cloudflare for their Anti-DDOS protection. All of these companies advised users to update their password sooner rather than later. LocalBitcoins is also affected, even though the platform does not act as a custodian for funds. Then again, having someone steal your account and scamming users is still a real threat.
This event goes to show multiple companies relying on one and the same anti-DDoS provider is a big problem. Especially in the world of bitcoin and decentralization, a more distributed solution is direly needed. CloudFlare has built a strong reputation over the past few years, but this data leak highlights the problem of centralization. All bitcoin users relying on a service affected by this leak need to update their login credentials as soon as possible, that much is certain.by