Coindesk Logo

Cloudflare Bug Triggers Password Warnings from Bitcoin Exchanges

Cloudflare Bug Triggers Password Warnings from Bitcoin Exchanges

Cloudflare Bug Triggers Password Warnings from Bitcoin Exchanges

Users of bitcoin exchanges and other online services are being warned to change their passwords in light of a bug tied to Cloudflare.

Users of bitcoin exchanges and other online services are being warned to change their passwords in light of a bug tied to Cloudflare.

Users of bitcoin exchanges and other online services are being warned to change their passwords in light of a bug tied to Cloudflare.

AccessTimeIconFeb 24, 2017, 4:40 PM
Updated Aug 18, 2021, 5:50 PM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Users of bitcoin exchanges and other online services are being warned to change their passwords in light of a newly discovered bug tied to web security firm Cloudflare.

Cloudflare, which provides denial-of-service protection, detailed the issue in a blog post published today. The company was first contacted about the bug last week by Google cybersecurity researcher Tavis Ormandy.

The so-called "Cloudbleed" bug – a reference to 2014's Heartbleed vulnerability –  is believed to have begun affecting services as early as September 2016, enabling the leak of memory that included sensitive information such as passwords and authentication tokens. The firm said the bug has since been patched.

News of the bug has triggered warnings from exchanges like Poloniex and Kraken, which suggested that users change their passwords, two-factor authentication and API keys. More broadly, cybersecurity advocates have strongly encouraged users of any site that utilizes Cloudflare to change their passwords as a precaution.

According to Cloudflare’s blog post, the real threat to users came as a result of some of that information being captured by search engines.

The firm explained:

“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence. The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).”

A user on GitHub has curated a list of sites potentially affected by the bug, which includes industry services like Coinbase, BitPay, Blockchain and LocalBitcoins.

Other major websites, including Reddit, Uber and OKCupid, are said to be affected as well.

CoinDesk will continue monitoring this developing story.

Image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.