Cloudbleed – More Bad News For Using Passwords Alone

A new internet security vulnerability was announced last week, and it is “a scary big deal“.  Cloudbleed, the name given to this vulnerability, has led to a potentially wide-spread leak of passwords and other data all over the internet.  And, while announced just last week, the leak could have started as early as September 2016.  Websites that use Cloudflare are affected, and that numbers in the thousands, including Uber, Fitbit, and others.

In plain English, Cloudflare’s software tried to save user data in the right place. That place got full. So Cloudflare’s software ended up storing that data elsewhere, like on a completely different website. Again, the data included everything from API keys to private messages. The data was also cached by Google and other sites, which means that Cloudflare now has to hunt it all down before hackers find it. (source)

In this case, no matter how complex a password was, they are vulnerable.  And as usual, two-factor authentication (2FA) is recommended.

As we’ve argued in the past, you might as well enable two-factor authentication on everything, too, since it’s your best first defense against hackers. (source)

Implementing 2FA within your organization does not have to be difficult.  In fact, with GreenRADIUS, implementation can take as little as 15-30 minutes.  And our customers find it easy to manage and easy to use for both admins and users.  Contact us today to learn more.

Liked this post? Follow this blog to get more.