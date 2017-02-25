Patrick Holland/CNET

Cloudbleed is the latest internet bug that puts users private information in jeopardy. News of the bug broke late Thursday February 23, but there is already a lot of confusion about it and the actual impact it has on people's information.

We compiled this as a guide to Cloudbleed and how you should respond. News of Cloudbleed is ongoing, and we'll update this article as new issues arise. Check back for new information.

What is Cloudbleed?

Cloudbleed is the name of a major security breach from the internet company Cloudflare that leaked passwords, and other potentially sensitive information to thousands of websites over six months. The name comes from Tavis Ormandy of Google's Project Zero who reported the bug to Cloudflare and joked about calling it Cloudbleed after the 2014 security bug Heartbleed.

Is Cloudbleed worse than Heartbleed?

At this point, no. As scary as any internet security breach seems, these were pretty different. Heartbleed affected half a million websites, whereas at this time only 3,400 websites are believed to have had the Cloudbleed bug.

But here's the potentially scary part. Those 3,400 websites leaked private data from other Cloudflare clients. So the actual number of websites and people actually affected could be much higher.

Is Cloudbleed still actively dangerous?

No. Think of Cloudbleed like a person surviving a heart attack. It's scary, it will require changes to prevent it from happening again, but the worst of it is over for now.

If there is an upside to this story, it's that Cloudflare stopped the bug within 44 minutes of finding out about it and fixed the problem completely within 7 hours.

But the bug is believed to have affected websites going as far back as September with the height of the breach occurring between Feb. 13-18. So there will be ripples of consequential fallout as companies learn about the bug and whether their customers' information was involved.

Who is Cloudflare?

Cloudflare provides essential internet infrastructure and security to millions of websites. On its website, Cloudflare lists Nadaq, Bain Capital, OKCupid, ZenDesk, Cisco among others under its "Trusted by" section.

Even though you might not be familiar with the name Cloudflare, chances are a website you've visited uses the company for security or information delivery.

What websites were affected?

At this point, we know that Uber, FitBit and OKCupid were three directly affected, but there's thousands more.

In response to news of the leak, companies have taken to Twitter to acknowledge the bug and reassure their customers.

How many people are at risk because of Cloudbleed?

It's tough to say, but it's low. As I mentioned above, the peak of the Cloudbleed bug was between Feb. 13-18. In a post on the its website, the Cloudflare shared that during this time, "1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that's about 0.00003% of requests)."

What kinds of information was leaked?

When you look at the web address for a website you're on, sometimes you see "http" at the beginning. But when you're on a secure website, for example a bank or a password login screen, you'll see "https" at the beginning indicating that the page is secure.

Services like Cloudflare help move information entered on those "https" websites between users and servers securely. What happened here is some of that secure information was unexpectedly saved when it should not have been. And to make matters worse, some of the saved secure information could be found using search engines like Google, Bing and Yahoo.

So it could have been a username or a password, or a photo or frames of a video or more behind-the-scenes things like server information and security protocols. At this time, there is no indication that any of this information was accessed by hackers.

What should I do?

Jason Cipriani/CNET

To be honest, nothing you do now will undo what has happened. But there are things you can do to protect yourself from such things happening again before the next ______bleed happens.

The first thing is change your passwords to really actually secure passwords. If you need help, CNET has your back with this handy guide we made all about passwords.

Next, if a website or service offers two-step verification (sometimes called two-factor verification) use it!

Last, contact the companies of the sites and services you use and let them know your feelings about protecting your security and privacy. As worried about Cloudbleed as some people might be, companies will be pretty worried too and hearing from their customers can long a long way toward improving things for everyone.

What happens next?

Again, information about Cloudbleed became public as of February 23 and as we get new information about the bug we'll update this article.