A serious data breach impacting nearly 3,400 websites and apps including Uber and FitBit may have leaked sensitive data across the internet for months.
CloudFare, a cybersecurity company warned customers of a critical bug that could have exposed a range of sensitive information including usernames, passwords and other information onto the open internet.
“The bug was serious because the leaked memory could contain private information and because it had been cached by search engines,” Cloudflare stated in a blog post.
The flaw was identified late last week by Googles security researcher Tavis Ormandy who said he found said he found “private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings.”
Uber said passwords were not exposed and that “only a handful of session tokens” needed to be fixed. Fitbit said it was still assessing the bug’s impact.
OkCupid is investigating the matter and said in a statement they will take the necessary steps to protect its users.