Cloudflare data leak may impact small businesses
A security risk that is being compared in magnitude to 2014 Heartbleed security problem was announced last week. Cloudflare, an internet service provider, disclosed that a memory leak was discovered in their process. This leak has leaked passwords, cookies, personal information, messages and email addresses to search engines from millions of websites. The good news is once Cloudflare learned about the leak, they fixed it within a day. The potential bad news is no one seems to know how much information from what websites was leaked.
It is believed that the leak began in late September, 2016 and was corrected last week. Unfortunately, the leaked information was cached in search engines around the world. Major search engines such as Google, Yahoo, and Bing have reported they have scrubbed their caches. But security experts say leaked information is still available on the internet.
What this means to small businesses
It is estimated that over 4 million websites may be impacted. The impact may be to a business’s site or to sites used by the business. If information on a business’s site was leaked that may mean that hackers could access the site’s content illegally and change information. Or the hacker could steal additional information and used it elsewhere or sell it.
For individuals, the leakage means someone could gather private information and access the individual’s accounts illegally or sell the information.
What your business can do
You can search for potentially impacted websites using this tool. Ask your cybersecurity expert to research the potential impact to your site and sites your business commonly uses. This is a good link for details on searching.
You should evaluate the action of creating forced password changes for your customers on your site, if you think your site was impacted.
You should also share the potential risk with your employees. Suggest they change passwords on key sites they use and ensure two factor authentication is in place where available. Blogger Graham Cluley has a series of blogs on how to set up 2-factor authentication for many common sites such as LinkedIn, Google, and Microsoft.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.