A serious vulnerability has been discovered in some of Cloudflare’s services. Cloudflare is used by a huge number of websites on the internet, mainly to improve speed and security.
An estimated 4 million domains may have been leaking private information since September, some of which has been crawled and indexed by search engines. Confirmed cases include big sites like: yelp.com, okcupid.com, zendesk.com and uber.com.
Don’t know if your site uses Cloudflare? This website makes it easy to check if your website is using Cloudflare’s services: http://www.doesitusecloudflare.com/.
A full list of potentially affected sites is available here. The person who has created this list strongly suggests changing passwords for all listed domains.
If you are using Cloudflare on your site, it’s worth double checking your security and settings and investigating if there are any implications. There is more information on the leak on the Cloudflare blog here: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/.