26 March 2017
visit http://events.sap.com/gb/fsi-forum-2017/en/home

In wake of Cloudflare bug, Starling advises customers to change passwords

24 February 2017  |  8609 views  |  2 Cloud

UK challenger bank Starling is advising customers to change their passwords in the wake of a bug at internet infrastructure firm Cloudflare which saw sensitive information from some firms leaked.

Cloudflare provides security protection against things such as DDoS attacks to more than four million websites by routing traffic through its network.

According to a blog, after a tip-off from Google the firm discovered a simple code bug which led to website passwords, cookies and authentication tokens posted online in plain text over a period of several months from September.

Several financial services firms, including Coinbase, Betterment, TransferWise, Prosper, are on a list of potential victims. One Cloudflare client, Starling, took to Twitter to tell customers that it is investigating.


However, the challenger bank tells Finextra it has been told it is "not one of the 150 companies at the centre of the investigation by Cloudflare". Nevertheless, it is advising customers to change passwords as a "precautionary measure".

TransferWise also says that it has done a "full investigation" and "we are confident that TransferWise customer data is safe".

The Cloudbleed bug meant that some visitors to affected sites saw unencrypted private data from previous visitors along the bottom of tens of thousands of pages a day.

Cloudflare has been working with search engines such as Google and Bing to remove cached data but says it has not seen any malicious use of the information.

Comments: (2)

A Finextra member
A Finextra member | 24 February, 2017, 14:44

Aren't there legal and regulatory requirements to notify individuals whose information was compromised?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 27 February, 2017, 06:48 Not yet, the general data protection regulation enters into force in May 2018. Also passwords for banking teansactions will be mandated to be replaced by strong two factor authentication when the PSD 2 is in full force. One should not bank with a company that still offers static password to access onlone bank services.
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit abe-eba.euVisit capgemini.com

Top topics

Most viewed Most shared
French retailer Carrefour launches online bank accountFrench retailer Carrefour launches online...
57367 views comments | 16 tweets | 36 linkedin
European Commission opens public consultation on fintechEuropean Commission opens public consultat...
9713 views comments | 43 tweets | 26 linkedin
Can banks really win in the payments business of the future? – new Finextra reportCan banks really win in the payments busin...
8940 views comments | 23 tweets | 37 linkedin
MAS to roll out national KYC utility for SingaporeMAS to roll out national KYC utility for S...
7935 views comments | 19 tweets | 28 linkedin
SecureKey taps IBM to put identity on the blockchainSecureKey taps IBM to put identity on the...
7378 views comments | 22 tweets | 15 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job