Web domains registered in Singapore are exposed to the Cloudbleed bug which can lead to data leak. The authorities are monitoring the situation. However, no data leaks have been reported so far by any companies or individuals.
According to reports, the bug has hit up to hundreds of thousands of URLs belonging to websites using the services of Cloudflare. Reportedly a bug in the Cloudflare’s software has caused information from websites to be leaked and some of the data have also been cached by search engines such as Google and Yahoo. It has led them to be publicly accessible.
A list of more than 2500 Singapore websites being affected by the Cloudbleed bug has surfaced. These websites are owned by both private and public sectors.
While talking to media, Dan Yock Hau, director of National Cyber Incident Response Centre has said, “Organisations can seek help from SingCert if they encounter cyber security incidents.”
Singapore Computer Emergency Response Team (SingCert) had flagged the threat last Friday on February 24, warning a ‘critical system vulnerability’ caused by the bug.
In the advisory, SingCert had mentioned, “Search engines such as Google, Yahoo etc. could have cached some of the leaked memory through their normal crawling and caching processes. Visitors who have keyed in their personal data on affected websites could potentially be at risk.”
They had also recommended, website administrators who are using Cloudflare services should refer to the advisory put up by Cloudflare, and perform their own risk assessment. SingCERT will provide updates when more information is available.
Reportedly, Cloudflare hosts more than 5.5 million websites.