I’ve often seen career advice about just updating your resume every quarter or so as you have new things you might want to include and the updated measurements. I think maybe it’s time we just set ourselves a quarterly reminder to go change all our web-based passwords as well. It’s probably safe to assume that one account or another might have gotten leaked somewhere in that time, instead of trying to track which sites might have had a data breach.
A Google researcher has uncovered what may be the most worrying web leak of 2017 so far, possibly exposing passwords, private messages and other sensitive data from a vast number of sites, including major services like Uber, FitBit and OKCupid.
It’s being dubbed CloudBleed by some, as the problem was caused by a vulnerability in code from a hugely popular web company, CloudFlare, and was not dissimilar to the infamous Heartbleed bug of 2015 (though possibly more severe in terms of the potential for data leakage). It’s similar to Heartbleed in that CloudFlare, which hosts and serves content for a at least 2 million websites, was returning random chunks of memory from vulnerable servers when requests came in.