wordpress blog stats
Connect with us

Hi, what are you looking for?

Several Indian websites may have been affected due to Cloudflare’s data breach

Several websites including Indian sites using Cloudflare as their storage or host partner could have been affected due to an internal bug that mistakenly leaked sensitive user data. The company confirmed the data leak in a blog post and said that it put together a special team to fix the bug.

The bug was initially spotted by a security analyst from Google’s Project Zero team that looks at spotting vulnerabilities on the Internet. Cloudflare explained that one of its servers “were running past the end of a buffer and returning memory that contained private information…some of that data had been cached by search engines.” A non-geek explanation: a temporary memory location (or cache) located in one of Cloudflare’s server started relaying back data (including sensitive info) after the memory got filled. Since there was no space left to store, it started leaking data to random requesters, and some of this info got listed on search engines.

The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests). The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests),” the company said in the blog post.

Websites that may have been affected

Note that Cloudflare did not disclose the details of websites and links that were affected. Although a user on Github have released the details of these sites, claiming that over 4 million websites were affected and that passwords, private messages, and other sensitive may have been leaked. (Full list here). Some notable Indian sites include HDFC Bank, Citibank, Infibeam, Uber.com, Zoho and Lenskart. The list was first spotted by NextBigWhat. P.S: if your site uses Cloudflare, it’s probably a good idea to reset all passwords.

Other notable sites:

Advertisement. Scroll to continue reading.


Other notable data breaches

Recently, a massive data breach on Yahoo carried out by unknown hackers exposed sensitive info belonging to at least 500 million users. The breach, which was carried out in 2014, includes data properties like names, email addresses, dates of birth, telephone numbers and encrypted passwords of Yahoo customers. However, the tech company later blamed “state-sponsored hackers” for stealing information from their servers. Note that Google, Twitter and Facebook earlier gave similar warnings to users stating that there could have been state-sponsored hackers compromising accounts on their platform.

In India, several ATMs and PoS machines on YES Bank’s network were recently affected by a data breach.  Hackers targeted around 90 YES Bank’s ATMs and POS machines which resulted in card details of State Bank of India, ICICI Bank and HDFC Bank customers being stolen. Hitachi payments services later confirmed that a malware on its system caused the breach of sensitive data, which led to over 32 lakh debit caIrds being compromised.

Also Read:
Cloudflare CEO Matthew Prince on whether Airtel is sniffing data packets to block websites
Govt’s malware and botnet cleaning center begins work with ISPs, banks etc

Image Credits: Flickr user BOB MICAL under CC BY 2.0 

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...


By Stella Joseph, Prakhil Mishra, and Yash Desai The Government of India circulated proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) which...


By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....

You May Also Like


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ