Skip to main content
  1. Home
  2. Computing
  3. News

Here’s a list of sites and services affected by Cloudbleed, and what to do next

By

A hand on a laptop in a dark surrounding.
Image used with permission by copyright holder
Last week, we found out about Cloudbleed, a major leak of user data affecting sites and services that use infrastructure provided by Cloudflare. It’s still too early to determine the scale of the problem — but it’s an ideal time to respond if you’re looking to avoid the fallout.

Cloudbleed refers to a memory leak that caused user data from apps and websites that use Cloudflare’s services to be splashed across the internet, and is being compared to the Heartbleed bug that reared its head in 2014. Unfortunately, it’s thought that some of the data leaked as a result of Cloudbleed may have been cached by search engines, meaning that malicious entities could have intercepted it, according to a report from Gizmodo.

Cloudflare has such an enormous list of clients that it’s difficult to list every single site and service that could be affected — although an effort to do just that is in progress on GitHub. Here’s a list of some of more commonly used domains that could have had user data leaked (although there’s no confirmation that they’ve been compromised as of yet):

  • uber.com
  • yelp.com
  • medium.com
  • 4chan.com
  • bitcoin.de
  • fitbit.com
  • authy.com
  • tfl.gov.uk
  • okcupid.com
  • discordapp.com
  • feedly.com
  • thepiratebay.org
  • pastebin.com
  • change.org
  • puu.sh

The above is by no means a definitive list, as millions of domains could potentially be at risk. However, it should demonstrate the variety of services that could be affected.

Related

To check whether any sites or apps you use are at risk, you can scour the full list on GitHub, or use the Does it use Cloudflare? web tool. However, most internet users are likely to hold an account on at least one affected site, so password refreshes are recommended for all.

Changing out every password you are currently using may seem extreme, but the stakes are high. If your user data has been leaked, and you use the same password for multiple sites, it might be possible for a stranger to gain access to all kinds of services on your behalf.

As such, it’s well worth doing a sweep now, and changing up your passwords to ensure that you’re kept safe. The inconvenience of spending a hour or two completing the task is a small price to pay for peace of mind.

This might also be a good time to improve your online security across the board. If you’re not already using a password manager and two-factor authentication to keep your accounts safe, there’s no better time to implement these services.

Above all else, vigilance is key. This is an evolving situation, since the problem was only made public a matter of days ago, and there are so many domains that could be affected. Keep a close eye on important accounts, and if you notice anything suspicious, make sure to follow up.

Editors’ Recommendations

Topics
Brad Jones
Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Nvidia’s RTX 3080 GPUs are crashing. Here’s what we know, and what you can do
nvidia rtx 3080 review 02

If you're one of the lucky gamers or creative professionals who defied the impossible and managed to snag one of the limited inventory of Nvidia's GeForce RTX 3080 flagship graphics card when they dropped, you may have found yourself in for a bit of a roller coaster ride with the new GPU. Gamers have reported instability problems with the card since shortly after the launch that cause the GPU to crash.

Since those reports have emerged, technology sites and industry insiders have offered differing hypotheses on what the issue could be, with both software and hardware being potential culprits. Nvidia has responded and released an updated GeForce driver. Here's what we know, and what you can do right now to prevent crashes from happening if you are the proud owner of an RTX 3080.
The problem

Read more
As Apple closes more stores, here’s what to do if your device breaks
ron johnson apple store interview abu dhabi

Apple has closed more of its retail stores in the U.S. in response to spikes in coronavirus cases in various cities across the country.

The tech giant said it will temporarily close a further 30 Apple Stores in seven states, bringing the total number of closures to 77 -- equal to more than 25% of its 271 stores in the country.

Read more
These robot vacuums have built-in cameras. Here’s what they can do
Roborock S6 MaxV closeup on cameras

There has been a lot of innovation in robot vacuums recently, including mopping capabilities and bots that can empty themselves. One of the biggest trends this year, though, is bot vacs that have built-in cameras. During some of our more recent reviews, including the Ecovacs Deebot Ozmo T8 AIVI and the Roborock S6 MaxV, we've found that these cameras have a range of uses. Do you need a robot vacuum with a camera, though? Here's a little insight into this new design trend to help you make an informed decision.

The Roborock S6 MaxV's camera John Velasco / Digital Trends
What do cameras do, exactly?
Cameras basically allow the bot to "see." Most new cleaning bots use their seeing ability to clean better. For example, the Samsung Powerbot R7070 and the Roborock S6 MaxV have a camera-based navigation system that helps them to see and avoid furniture, socks, and other things on the floor. Camera navigation systems help vac bots create a better map of your home, too. Cameras can also be placed on bots to act as mobile security cameras that can patrol your home.
Better cleaning
Maps made by the DEEBOT T8 AIVI Image used with permission by copyright holder

Read more