Important Cloudflare security information - Feb. 24th, 2017
-
Monday, 27th February, 2017
-
13:09pm
If you do not utilize Cloudflare services for your domains, you can safely disregard this security notice.
Due to a bug, Cloudflare may have leaked private information from websites utilizing their services. Cloudflare reports "We have not discovered any evidence of malicious exploits of the bug or other reports of its existence" but we are recommending that our customers take the proper precaution of resetting passwords for any domains utilizing Cloudflare services.
Any data passed through Cloudflare may have been compromised, so we are also recommending that any of your users or customers who have utilized password-protected features of your domains (i.e. username and password to log in as a customer to your eCommerce site) should also reset their password.
Cloudflare and Google have eliminated the bug and any cached information, but Cloudflare users may have been affected prior to the bug fix.
The official post-mortem from Cloudflare is available at the following link: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
