You Use Bitcoin? You Need To Change Your Password (Present)

Some of the services of the famous Bitcoin on the internet may have leaked some sensitive information its users, including the password.

Cloudflare is a popular content delivery network which effectively acts as a kind of shield, proxy digital that offers millions of website DoS protection and other services.Some of the biggest sites there are on the internet uses the Cloudflare, including some well-known companies such as Coinbase, Bitcoin, Kraken, LocalBitcoins, Poloniexand many more.

Any data sent from this site are essentially bypassing the Cloudflare. Including passwords, as well as cookies, authentication tokens and other sensitive information.

Last week, the exploitation of which is known as "Cloudbleed" – a reference to the security bug Heartbleed – found by Tavis Ormandy of Google security researcher of Project Zero. A major gap in the infrastructure of the Cloudflare, caused by what is known as a "buffer overflow," essentially all data is spilled on the internet. Wheneveranyone asks for data from specific web sites or mobile applications that are protected by the Cloudflare, Cloudflare randomly could send data from different sites.

"We take a sample, and we watched the encryption keys, passwords, cookies, pieces of the POST data and even HTTPS request main site Cloudflare hosted more than other users," wrote Ormandy in his blog entry.

This vulnerability can be used anytime from September 22, and February 20, while big-impact period between February 13 and February 18.

The good news is the possibility of sensitive data falling into the wrong hands so farseems only likely small. "We also found no evidence of malicious exploitation of this bug," bright Cloudflare in a report of the incident that took place in their system.

However, the bad news is that there is no way to know precisely whether data had been leaked. Therefore the users of the service that may have been affected, are required to change their password immediately. (Of course this also includes a password in a non-web site Cloudflare has been used in multiple sites.)

The account is already implementing two-factor authentication is also still has a little bit of vulnerability, then reset the authentication implementation is also highly recommended for suppress bad possibilities posed by the incident. Those who use the API key is also recommended to do the reset.