Post
Topic
Board Press
Re: [2017-02-24]Using a Bitcoin Service? You May Need to Change Your Password (Now)
by Rammortal on 25/02/2017, 06:34:05 UTC
How long ago was this known?
I think it was since September last year there was a breach in their service but they didn't report it until just now.
I hate when those companies hide these things when they actually do happen because they think they are somehow doing "damage control" but are actually making it much, much worse for themselves by not notifying the public in these "customer information has been compromised" types of scenarios.

According to their blog post, they managed to solve the issue in less than 48 hrs.
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
I don't think it was known in September. It was reported by Tavis Ormandy last Friday.

But within those 48 hours all logins were compromised.
And the hackers have those lists.
So a lot of accounts are dormant. And can be retrieved and used by those hackers.
Am I right or wrong in this scenario that is brewing in my mind about this security breach?
And they thought those leaked 15,000 or however many emails were found by hackers; this is much worse for millions of people's information waiting to be sold later on when the heat is off those that did the hack.

This outage was first spotted by Tavis Ormandy, the British bug hunter from Google's Project Zero security team. He updated his findings on Twitter.

From Tavis Ormandy: Cloudflare have been leaking customer HTTPS sessions for months. Uber, 1Password, FitBit, OKCupid, etc.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1139

I am hoping the bugs played with the sessions only, not with the data. Let's see.