wordpress blog stats
Connect with us

Hi, what are you looking for?

Several Indian websites may have been affected due to Cloudflare’s data breach

Several websites including Indian sites using Cloudflare as their storage or host partner could have been affected due to an internal bug that mistakenly leaked sensitive user data. The company confirmed the data leak in a blog post and said that it put together a special team to fix the bug.

The bug was initially spotted by a security analyst from Google’s Project Zero team that looks at spotting vulnerabilities on the Internet. Cloudflare explained that one of its servers “were running past the end of a buffer and returning memory that contained private information…some of that data had been cached by search engines.” A non-geek explanation: a temporary memory location (or cache) located in one of Cloudflare’s server started relaying back data (including sensitive info) after the memory got filled. Since there was no space left to store, it started leaking data to random requesters, and some of this info got listed on search engines.

The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests). The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests),” the company said in the blog post.

Websites that may have been affected

Note that Cloudflare did not disclose the details of websites and links that were affected. Although a user on Github have released the details of these sites, claiming that over 4 million websites were affected and that passwords, private messages, and other sensitive may have been leaked. (Full list here). Some notable Indian sites include HDFC Bank, Citibank, Infibeam, Uber.com, Zoho and Lenskart. The list was first spotted by NextBigWhat. P.S: if your site uses Cloudflare, it’s probably a good idea to reset all passwords.

Other notable sites:


Other notable data breaches

Recently, a massive data breach on Yahoo carried out by unknown hackers exposed sensitive info belonging to at least 500 million users. The breach, which was carried out in 2014, includes data properties like names, email addresses, dates of birth, telephone numbers and encrypted passwords of Yahoo customers. However, the tech company later blamed “state-sponsored hackers” for stealing information from their servers. Note that Google, Twitter and Facebook earlier gave similar warnings to users stating that there could have been state-sponsored hackers compromising accounts on their platform.

In India, several ATMs and PoS machines on YES Bank’s network were recently affected by a data breach.  Hackers targeted around 90 YES Bank’s ATMs and POS machines which resulted in card details of State Bank of India, ICICI Bank and HDFC Bank customers being stolen. Hitachi payments services later confirmed that a malware on its system caused the breach of sensitive data, which led to over 32 lakh debit caIrds being compromised.

Also Read:
Cloudflare CEO Matthew Prince on whether Airtel is sniffing data packets to block websites
Govt’s malware and botnet cleaning center begins work with ISPs, banks etc

Image Credits: Flickr user BOB MICAL under CC BY 2.0 

You May Also Like


Mobile numbers and WhatsApp chats of people using WhatsApp web were indexed on Google search results yet again, a security researcher claimed. This came...


The Ministry of Electronics and Information Technology wrote a letter to WhatsApp CEO Will Cathcart calling on the Facebook-owned messenger app to withdraw proposed...


Google has closed its deal to acquire fitness wearables company Fitbit, even as probes by competition regulators in the United States and Australia are...


WhatsApp has reiterated in a blog post on Tuesday that the service is end-to-end encrypted and neither it or Facebook can see messages. It...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ