Speed Reads

technical glitches

'CloudBleed' leak compromises passwords for services including Uber, FitBit, and OKCupid

A security breech dubbed "CloudBleed" because of its link to cybersecurity company Cloudflare compromised some 3,400 websites, including popular services like Uber, FitBit, and OKCupid. News of the bug broke Thursday and Friday after it was discovered by a Google researcher named Tavis Ormandy, and users are encouraged to change their passwords on affected sites even though the problem has now been fixed.

Ormandy's report indicated he was able to find "private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings," though Cloudflare says it has "not discovered any evidence of malicious exploits of the bug or other reports of its existence."

For now, most potentially affected "users are probably fine," explained Adam Clark Estes at Gizmodo Saturday. "Then again," he adds, "Cloudbleed illustrates a larger problem with internet security. If one major player gets pwned, the consequences can be catastrophic."