Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended

User data from 3,400 websites has been leaked and cached by search engines as a result of a bug in Cloudflare, a content delivery network. Sites affected over the course of several months include major ones like Uber, Fitbit and dating site OKCupid. 1Password also uses Cloudflare, but says that end-to-end encryption means that no customer data was exposed.

ArsTechnica reports that the leaks were spotted by Google security researcher Tavis Ormandy.

We observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.

Cloudflare has admitted that the breach occurred, but Ormandy and other security researchers believe the company is underplaying the severity of the incident …

more…

Chrome Canary comes to Android, but beware: it’s unstable and only recommended for developers

Google Chrome has multiple release channels to test new features and insure that bugs are ironed out before they reach end users. Joining Android’s current stable, beta, and dev channel is Chrome Canary. Long available on desktop, Canary “is primarily intended to be used by developers and early adopters to test recent Chromium changes.”

more…