Last Friday Google informed Cloudflare, a company that provides content delivery and security services for over 2 million websites, of a data leak which resulted from an error in their code. You may have heard of this bug referred to as “Cloudbleed”. As a result, data was exposed, and possibly seen, by spammers or other internet users with malicious intent. This data may also have been saved by search engines or other sites which cache data so that users can access information more quickly. Cloudflare worked with Google to ensure that the data was removed from their cache. However, there’s potential that the data is still available.
Affected websites will send emails in the following days and weeks asking you to reset your password using a link in the email. Do not click the link. Spammers can create emails that look convincing and include links that will download a virus, or take you to a fake site so that they can steal your credentials. So, even if the email looks legitimate, go to the site directly in your web browser to change your password.
Data breaches like this emphasize the importance of using strong, unique passwords for every website account you have. We highly recommend that you use 2-Factor Authentication, and a password manager, like LastPass, to store and manage your passwords.