Cloudflare was leaking a large amount of private data, including login passwords and authentication cookies.
Uber, Fitbit, 1Password, and OKCupid are just a few of the big names affected by the Cloudbleed security flaw in Cloudflare servers.
Because mobile apps use the same backends as browsers for HTTPS (SSL/TLS) termination and content delivery, they are likewise affected by Cloudbleed.
The fact that Cloudflare directed Ormandy to the company's bug bounty programme and offered the expert a t-shirt as payment in lieu of cash is highly unusual.
Source: https://securityaffairs.com/56617/data-breach/cloudbleed-cloudflare-flaw.html
TPRM report: https://scoringcyber.rankiteo.com/company/okcupid.com
{
  "id": "okc642191123",
  "linkid": "okcupid.com",
  "type": "Data Leak",
  "date": "02/2017",
  "severity": "85",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Cloudflare',
                        'type': 'Organization'},
                       {'industry': 'Transportation',
                        'name': 'Uber',
                        'type': 'Organization'},
                       {'industry': 'Health Technology',
                        'name': 'Fitbit',
                        'type': 'Organization'},
                       {'industry': 'Cybersecurity',
                        'name': '1Password',
                        'type': 'Organization'},
                       {'industry': 'Dating Services',
                        'name': 'OKCupid',
                        'type': 'Organization'}],
 'attack_vector': 'Cloudbleed Security Flaw',
 'data_breach': {'type_of_data_compromised': ['login passwords',
                                              'authentication cookies']},
 'description': 'Cloudflare was disclosing a lot of private data, including '
                'login passwords and authentication cookies. Uber, Fitbit, '
                '1Password, and OKCupid are just a few of the big names '
                'affected by the Cloudbleed security flaw in Cloudflare '
                'servers. Because mobile apps are created with the same '
                'backends as browsers for HTTPS (SSL/TLS) termination and '
                'content delivery, they are likewise impacted by Cloudbleed.',
 'impact': {'data_compromised': ['login passwords', 'authentication cookies'],
            'systems_affected': ['Cloudflare servers', 'mobile apps']},
 'title': 'Cloudbleed Security Flaw',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Cloudbleed'}