3 million Cloudflare customer IPs allegedly stolen from the July 17th outage appear on Dark Web; Cloudflare denies any data leak
Cloudflare suffered a global outage on July 17th, 2020, which caused many websites powered by Cloudflare CDN to go down. Cloudflare said at the time that the outage, apparently caused by an error in a router on the CDN provider’s global backbone network, brought down a slew of web services Friday afternoon across many parts of the world.
Yesterday, the National Coordination Center for Cybersecurity (NCCC) at the National Security and Defense Council of Ukraine (NSDC) detected, on the dark web, a list of almost 3 million IP addresses exposing 3 million websites that use the Cloudflare service to protect against DDoS and a number of other cyberattacks. Interfax Ukraine says that NCCC noted that the records included 45 gov.ua domains, or Ukrainian government domains, and more than 6,500 .ua domains, including “resources belonging to critical infrastructure objects.” The data leak is allegedly linked to Cloudflare’s July 17th outage.
Searching for Cloudflare IP addresses on Google reveals a website called Crimeflare.org. Crimeflare’s stated motto displayed on the website is “uncovering bad guys hiding behind Cloudflare.” The website lists two databases for download.
- A 27.50MB zip file containing 2,593,320 IP addresses
- A 15.51MB zip file listing all domains in their database
Crimeflare.org says that these IP addresses belong to websites using Cloudflare CDN. The website also provides a search option for website owners to find out whether their IP address has been leaked and is available in the database. However, it could not be confirmed whether the IP addresses leaked by Crimeflare belong to Cloudflare or have any connection to the Cloudflare outage on July 17. It is also not confirmed whether the 2.5 million IP addresses leaked by Crimeflare.org are the same ones mentioned by Ukraine’s NCCC.
Cloudflare has denied that any data was leaked from its servers. It told HackRead that “we have investigated in detail an alleged leak of DNS information concerning Cloudflare’s customers. The information posted on social media is not the result of a leak or breach of our systems. The published data is available through standard DNS queries on the open internet, rather than the result of a leak or breach.”