Huge security disasters like Cloudbleed are never fun. However, as more information about the newly reported vulnerability becomes available, we can understand how dangerous bugs stand to screw up the internet. Luckily, in the case of Cloudbleed, it’s not as bad as it could have been. But it’s not good, either.
Cloudbleed, if you hadn’t heard, is a major vulnerability that potentially affects millions of websites served by Cloudflare, a security and performance service. One tiny bug in Cloudflare’s code caused an indeterminate amount of data—including encryption keys, chat logs, cookies, and passwords—to be leaked out onto the open web and cached by search engines like Google. Cloudflare’s customers include massive websites like Uber, OKCupid, and Fitbit, which means that a tremendous number of users find themselves in the unfortunate position of not knowing how much (if any) of their personal data has been compromised.
That sucks. Cloudflare’s co-founder and CEO Matthew Prince said as much in an interview with Gizmodo on Friday. “This is a big deal for us,” Prince said. “This is a really bad bug. This is something that our customers should be very cognizant of and should take very seriously.”