Cloudflare Inc., a U.S.-based web-infrastructure and website-security company, has denied reports of a data leak exposing the IP addresses of nearly 3 million customers on the Dark Web.
This denial from Cloudflare comes after the National Coordination Center for Cybersecurity at the National Security and Defense Council of Ukraine (NSDC) claimed on July 26, 2020, that it had found a list on the Dark Web of nearly 3 million sites that use Cloudflare's service for protection against Distributed Denial of Service (DDoS) and a number of other cyberattacks.
According to the NSDC, the published list contains the real IP addresses of sites, which puts them at risk of attack. In particular, it includes 45 of its own records featuring the “gov.ua” top-level domain (TLD) and 6,500 records with the “.ua” TLD that are resources owned by critical infrastructure objects.
“The NCCC experts have already analyzed the information regarding Ukrainian websites: information on some resources is outdated. However, the other part remains relevant. Owners of compromised resources are encouraged, if possible, to promptly change the IP addresses of web resources and increase the monitoring of cyberattacks on these resources,” the NSDC wrote in the message on Facebook.
Cloudflare denied that there was any data leak from their company. “We have investigated in detail an alleged leak of DNS information concerning Cloudflare’s customers. The information posted on social media is not the result of a leak or breach of our systems. The published data is available through standard DNS queries on the open Internet, rather than the result of a leak or breach,” the company told HackRead.
“Cloudflare provides different services to different customers. Some customers use us for security services. Some use us for performance services. Some customers make use of both. The published information reflects a small fraction of Cloudflare customers who either use Cloudflare only for DNS resolution or only for performing services and therefore have not configured Cloudflare to secure their origin server,” the company explained.
“If these customers intended to use Cloudflare for security services, they may have misconfigured the security settings on their origin server or have misconfigured the proxy settings on some of their DNS records,” it further added.
“If a customer intended to use Cloudflare for security services and has identified that their origin server information was published online, they should follow this link to ensure their origin is secured.”
To check for possible risks to the safe operation of Ukrainian government bodies and critical infrastructure facilities, cybersecurity experts with the SBU Security Service of Ukraine assessed the leak of the Cloudflare customer database.
The SBU on Tuesday said that they found the data leak poses no additional risk to the work of the web resources served by Cloudflare, including Ukrainian state authorities and critical infrastructure facilities.
“The Security Service cyberspecialists checked the likelihood of risks to the operation of electronic resources of government bodies and critical infrastructure as a result of the leak of the customer database of Cloudflare Inc. The audit found that there is no threat to state resources,” the SBU said in a statement.
According to the authority, the IP addresses of web resources published on the Dark Web are a generalized database of publicly available data, namely the published domain names with the IP addresses that are available on the network using standard DNS (Domain Name System) queries.
“The disclosure of publicly available data does not pose additional risks for the operation of web resources served by Cloudflare, including for Ukrainian government bodies and critical infrastructure facilities,” the statement added.