Users of bitcoin exchanges and other online services are being warned to change their passwords in light of a newly discovered bug tied to web security firm Cloudflare.
The so-called "Cloudbleed" bug – a reference to 2014's Heartbleed vulnerability – is believed to have begun affecting services as early as September 2016, enabling the leak of memory that included sensitive information such as passwords and authentication tokens. The firm said the bug has since been patched.
News of the bug has triggered warnings from exchanges like Poloniex and Kraken, which suggested that users change their passwords, two-factor authentication and API keys. More broadly, cybersecurity advocates have strongly encouraged users of any site that utilizes Cloudflare to change their passwords as a precaution.
According to Cloudflare’s blog post, the real threat to users came as a result of some of that information being captured by search engines.
The firm explained:
A user on GitHub has curated a list of sites potentially affected by the bug, which includes industry services like Coinbase, BitPay, Blockchain and LocalBitcoins.
Other major websites, including Reddit, Uber and OKCupid, are said to be affected as well.
CoinDesk will continue monitoring this developing story.
Image via Shutterstock
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.