Wise and Cloudflare


You may have read in the press that Cloudflare - a service provider that Wise uses - was affected by a bug. That bug meant some of Cloudflare’s customer data was exposed.

As soon as we were aware of this, we got in touch with CloudFlare to establish whether Wise data was affected. We also launched our own checks.

We’ve done a full investigation alongside Cloudflare, and we are confident that Wise customer data is safe. We've included a detailed explanation at the bottom of this post.

What does Wise do to protect customer data?

We’ve got a specialised, in-house team that look after security. It’s their job to keep customer data watertight. They continually review and update our processes to ensure the integrity of our platform.

On top of that, we’re constantly monitoring and testing all of our services. This makes sure that our customers’ data is secure - and always protected. Plus, all communications between customer devices and our platforms are encrypted.

You can read more about our security systems on our FAQs.

Do I need to change my Wise password?

No, you don’t need to. But this is a good time to recap on some password best practice:

  • Make sure it’s strong - a strong password is long, made up of numbers and symbols, as well as both uppercase and lowercase letters.

  • Use different passwords across different websites and services - this means that if someone who isn’t you gets your password, they can only use it on one website.

Wise and Cloudflare - behind the headlines

We thought we'd share some of the background to how we deal with technical issues like the Cloudflare bug that was reported overnight.

It’s an extremely serious issue. There’s also a lot of wild speculation around - especially on social media. So we thought some readers would be interested in the facts.

What happened?

The Wise team became aware of the Cloudflare bug early this morning. We immediately got in touch with CloudFlare to find out how our services were affected. We also began our own investigation.

What was the issue?

You can find a full description of the issues on Cloudflare’s blog, and on the Project Zero bug report.

It’s important to note the nature of the leaks. At its peak, roughly 1 in every 3.3 million requests had the potential to leak into someone else's session. These leaks would often result in being rendered in a browser as meaningless characters in the bottom of the screen.

There’s no evidence that anyone was harvesting this transient leaked data for malicious purposes. But the internet has a ‘memory’ in the form of caches maintained mainly by search engines.

In the time between being informed of the bug and it being made public, Cloudflare has been constantly searching these caches for any of the inadvertently leaked information. The greatest threat (given that the bug itself was fixed) was for someone to harvest the leaked data from these caches.

What’s the outcome?

Both the Cloudflare and Wise teams are confident that no identifiable Wise or Wise customer data was found in these caches.

Some of our partners also use Cloudflare. So as a precaution, we’ve reset any credentials that we use to connect to those partners and service providers, such as API tokens. We’ve done this because these credentials are used repeatedly, and that means they’re statistically more likely to have been leaked.

We’ll be closely monitoring this situation over the coming days and weeks. And if you’ve got any questions at all, you can get in touch with us. We're happy to answer your questions.

*Please see terms of use and product availability for your region or visit Wise fees and pricing for the most up to date pricing and fee information.

This publication is provided for general information purposes and does not constitute legal, tax or other professional advice from Wise Payments Limited or its subsidiaries and its affiliates, and it is not intended as a substitute for obtaining advice from a financial advisor or any other professional.

We make no representations, warranties or guarantees, whether expressed or implied, that the content in the publication is accurate, complete or up to date.

Money without borders

Find out more

My first sabbatical

When we started Wise 12 years ago, we knew the problem we were tackling was a big one. Solving for hidden fees and rebuilding broken international financial...

Kristo Käärmann
10.05.23 1 minute read

April 2023 Trading Update

Welcome to our quarterly trading update blog post where we will be going through our mission and financial highlights from the last three months, January to...

Matt Briers
18.04.23 8 minute read

Tips, news and updates for your location