You may never have heard of Cloudflare, but they are one of the biggest content syndication and load management providers around. They keep sites up and running even in the face of massive amounts of traffic. As such, they are used by companies like Uber and many others.
It turns out there was a flaw in their service dating back to September, which caused random chunks of data from other sessions to be leaked. This included data that would otherwise be encrypted or secured--usernames, passwords, private messages, and so on.
Since it's virtually impossible to know whether you were affected, the best course is to change all your passwords as soon as possible. Either that, or make sure you have extra measures (2-factor authentication, login notifications) in place for any services you care about.
You can read more here, and full technical details from Cloudflare here. Cloudflare is downplaying the severity of this issue. Given that it was in place for several months, there's no telling how frequently it was exploited before a Google engineer reported it on the 18th.
It turns out there was a flaw in their service dating back to September, which caused random chunks of data from other sessions to be leaked. This included data that would otherwise be encrypted or secured--usernames, passwords, private messages, and so on.
Since it's virtually impossible to know whether you were affected, the best course is to change all your passwords as soon as possible. Either that, or make sure you have extra measures (2-factor authentication, login notifications) in place for any services you care about.
You can read more here, and full technical details from Cloudflare here. Cloudflare is downplaying the severity of this issue. Given that it was in place for several months, there's no telling how frequently it was exploited before a Google engineer reported it on the 18th.
