Singapore websites at risk of data leak caused by Cloudbleed bug

Singapore-registered web domains could be among those exposed to the Cloudbleed bug, which causes private information keyed into supposedly secure websites to be leaked.

The authorities are monitoring the situation but no data leaks have been reported by companies or individuals so far.

Around the world, the bug has hit up to hundreds of thousands of URLs belonging to websites using the services of Internet infrastructure provider Cloudflare. A bug in Cloudflare’s software caused information from websites to be leaked, and some of the data has been cached by search engines such as Google and Yahoo, causing them to be publicly accessible.

Globally, passwords from sites owned by organisations including Fitbit, OkCupid and Uber have reportedly been leaked for months, according to a Business Insider article. Cloudflare was quoted in the report saying that data had been leaked between September last year and this month.

A list of more than 2,500 Singapore websites — owned by various organisations in the private and public sectors — at risk of being affected by the Cloudbleed bug has also surfaced.

For example, domains belonging to news websites mothership.sg and tamilmurasu.com.sg and transport service beeline.sg, were on the list. However, TODAY understands that these sites were not affected by the bug.