A little more than a month ago, a relatively small announcement was made about a vulnerability in CloudFlare’s infrastructure. Most people who glanced over the headlines were probably not worried at all and may have simply asked, “What or who is CloudFlare?”
When we hear about breaches or potential breaches, they are usually associated with a big name, and it is relatively easy for individuals to judge their exposure.
What makes the CloudFlare vulnerability especially concerning is that the infrastructure is used by some 5.5 million websites on the Internet, and extends beyond the sites and into mobile apps as well. In fact, there are some pretty big household names using its services.
The vulnerability itself exposed secret data via an implementation bug with secret keys. Without getting into the technical details, the researcher who found the bug reported that he was able to see private chat logs, dating site private messages, password and personal information, as well as travel bookings.
In short, it could have been an identity theft nightmare.
Unfortunately, short of not using Internet services at all, there is not a lot you can do to protect your data from these types of bugs. We are also in an era where a breach or a vulnerability may happen without users ever knowing about it.
But some steps can be taken to make things a little more difficult for hackers to steal your password information:
- Don’t use the same password on more than one site on the Internet. This limits exposure in the event that one password is hacked.
- Change passwords regularly. Don’t be paranoid and change passwords every day, but have a schedule and make it a habit.
- Keep passwords very different between sites. Don’t use a formula that would be easy to figure out.
- Close accounts that you no longer need, if possible.
This article originally appeared in Striata.