Cloudbleed - Cloudflare's Memory Leak

Discussion in 'Industry News' started by PixelButts, Feb 24, 2017.

  1. PixelButts

    PixelButts Site Soldier

    Joined:
    Aug 19, 2014
    Messages:
    2,665
    Likes Received:
    1,808
    To make it simple I'll copy and paste the github summary (https://github.com/pirate/sites-using-cloudflare)

    "Between 2016-09-22 - 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.

    Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was triggered the response would include data from ANY other Cloudflare proxy customer that happened to be in memory at the time. Meaning a request for a page with one of those features could include data from Uber or one of the many other customers that didn't use those features. So the potential impact is every single one of the sites using Cloudflare's proxy services (including HTTP & HTTPS proxy)."

    I have spoken to @Demon and his 2 sites have been affected and are on the list as well as a friend of his and his domain.

    Please refer to this list to check if there is any site you access or own that has been affected by this.
    https://github.com/pirate/sites-using-cloudflare/archive/master.zip (the txt is 63 MB, please use Notepad++ if on Windows to open this and search, Notepad will not help you)

    I advise everyone to proceed with caution, and do your best to ensure your sensitive data is safe.
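
Added example, not part of the original post or of the linked repository: one way to check your own hostnames against the downloaded list by streaming it, instead of opening the 63 MB text file in an editor. The function names, the command-line arguments and the sample data are assumptions, and a match only means the domain appears on the list, not that its data was confirmed leaked.

```python
import sys

# Constructed sample standing in for the downloaded list (one domain per line).
SAMPLE_LIST = "example.com\nExample.ORG\nunrelated.test\n"
SAMPLE_SITES = ["https://www.example.com/login", "mail.example.org", "notlisted.test"]

def normalize(name):
    """Lower-case a hostname and drop scheme, path, port, 'www.' and trailing dot."""
    name = name.strip().lower()
    if "://" in name:
        name = name.split("://", 1)[1]
    name = name.split("/", 1)[0].split(":", 1)[0].rstrip(".")
    return name[4:] if name.startswith("www.") else name

def candidates(host):
    """Yield the host and each parent with two or more labels (a.b.c -> a.b.c, b.c).

    Heuristic only: no public-suffix list is consulted, so a parent such as
    'co.uk' is also tried; it matches only if the list contains that entry.
    """
    labels = host.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])

def find_listed(list_lines, my_sites):
    """Stream the list once and return {my_site: first matching list entry}."""
    wanted = {}
    for site in my_sites:
        for cand in candidates(normalize(site)):
            wanted.setdefault(cand, []).append(site)
    hits = {}
    for line in list_lines:  # a file object works here, so memory use stays small
        entry = normalize(line)
        for site in wanted.get(entry, ()):
            hits.setdefault(site, entry)
    return hits

if __name__ == "__main__":
    # Assumed usage: python check_list.py <path-to-list.txt> site1 [site2 ...]
    if len(sys.argv) > 2:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            result = find_listed(fh, sys.argv[2:])
    else:
        result = find_listed(SAMPLE_LIST.splitlines(), SAMPLE_SITES)
    for site, entry in result.items():
        print(f"{site}: listed as {entry}")
```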
     
  2. D_Ban

    D_Ban Robust Member

    Joined:
    Aug 11, 2008
    Messages:
    289
    Likes Received:
    348
    Really annoyed by this. Had to change passwords for those sites of mine and inform the users.

    Noticed a bunch of sites from friends on there from researching more. Unreal how they can allow something like this to happen.

    Thankfully no private info of my sites seems to have been disclosed but better to change passes to be safe.

    EDIT: While my site was on the list it seems I wasn't compromised as I just got this email,

     
    Last edited: Feb 24, 2017
  3. Syclopse

    Syclopse .

    Joined:
    Dec 17, 2013
    Messages:
    1,508
    Likes Received:
    537
    system likes this.
  4. PixelButts

    PixelButts Site Soldier

    Joined:
    Aug 19, 2014
    Messages:
    2,665
    Likes Received:
    1,808
  5. Syclopse

    Syclopse .

    Joined:
    Dec 17, 2013
    Messages:
    1,508
    Likes Received:
    537
    Only if it's plugged in to the interwebs, otherwise you're good.
     