Over a week ago, CloudFlare, a company designed to protect websites and keep them running smoothly had a bug that affected over 6,000 websites, putting every user on any of those websites at risk. If you have or had an account on any of those sites, your personal information bled out into the open from the cloud, and it’s not coming back.
It was a major breach of security and gives anyone who uses the same password for everything more than a few reasons to sweat. If you haven’t changed your passwords already, now’s your warning. Website leaks are always terrifying, but what does this mean for your Android?
What is CloudFlare?
Cloudflare exists to do two things for your website: protect and accelerate. Unfortunately, after this latest leak, they’re falling behind on one of those fronts. Cloudflare does its best to make sure your website isn’t vulnerable to attack, is quick to load and store information, has its servers up and running, and gives you a handy analytics system to monitor your website.
Cloudflare has, or in this case had, a great track record, so it’s no wonder why so many websites entrust them with their information. Unfortunately, now that the information about the leak has come out, website owners and users on those sites are left to deal with the risk of the aftermath.
Is Your Android at Risk?
Your Android itself isn’t at risk because of cloudbleed, but the sensitive information you access on it is. If you haven’t changed your shared passwords or enabled two-factor verification where you can, you’re still in trouble.
As of right now, Cloudflare has commented that while the bug has been manipulated over a million times, the impact of the breach is relatively small. Whether or not this is true is up for debate, but what isn’t is how scary and potentially dangers this leak can still become. It isn’t just your Android that’s at risk here, it’s everything that has just a single password.
How Often do Leaks Like This Happen?
Unfortunately, password and account leaks happen all the time, and there isn’t anything users can do to stop them. In fact, sometimes you don’t find out about leaks until far after the information has already been stolen, in yahoo’s case last year.
For the most part, there isn’t much you as a user can do about this kind of theft. The only thing you can do is minimize the damage, and protect everything you can, including your Android.
How do You Protect Your Android?
The information that’s been leaked can never be taken back, so all you can do is work with the current outcome. Any password you’ve used with affected sites, and any site or account that has the same password is now is at risk. Take these actions as soon as you can to protect your Android, and everything else:
1. Change Compromised Passwords
Any previously used passwords are now compromised and aren’t safe to use on any of your other similar accounts. Change any compromised passwords as soon as possible, and make sure you never use those passwords in the future.
There are over four million domains that could be affected, so please read CloudFlare’s detailed post on the situation.
2. Enable Two-Step Verification Wherever Possible
Two-step verification is one of the safest methods to ensure no one has access to your data except for you. It’s easy to set up, and as long as you have your Android with you, you have a way to access all of your accounts.
I highly recommend you set this up immediately for everything you can, so please learn about the process here.
3. Use a Different Password for Everything
Data compromises like this show time and time again that it’s a bad idea to use the same password in multiple places. While it’s convenient only to have to remember one password, multiple passwords aren’t impossible to keep up with.
Using a password manager makes remembering and entering passwords much easier, and won’t take long to set up.
Cloudbleed isn’t the first major leak of internet information, but it’s the first major one of 2017 on this big of a scale. While cloudbleed doesn’t affect your Android directly, it’s a serious problem that needs to make everyone rethink their security measures. If you aren’t using two-step verification yet, this is the best time to start.
We don’t know everything about cloudbleed yet, but please post any questions or concerns you have below.