CloudFlare Bug Potentially Exposes Private Information
Nerds Hosting uses CloudFlare to power certain aspects of our hosting infrastructure, and thus we felt it important to share some thoughts on the CloudFlare bug that was exposed last week. Unfortunately, the bug in question is very technical in nature and hard to explain clearly and concisely. Since many clients may have read something about this on social media or in the press, we felt it important to address this issue.
At a very high level, a bug was found in the CloudFlare system that would occasionally add random, unrelated data to a website request. This random data was a leak from the memory stack on the CloudFlare servers, and could potentially have contained sensitive data from one or more of the millions of websites that use the CloudFlare systems. Due to the nature of this bug, it is impossible to predict what data would have leaked, nor is there any indication that any malicious users took advantage of this problem. This bug has since been fixed by CloudFlare.
After consideration and research, it is the belief of our team that the risk to our clients was extremely low, and we do not recommend any specific actions in relation to this incident at this time.
You can read more about this incident from CloudFlare, though please note this article may be quite technical in nature: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/