Cloudflare reported on February 19th that there was a severe parser bug in their content optimization systems. Cloudflare is a free service that acts as a proxy between your server and your visitors, preventing against Denial of Service attacks and accelerating traffic.
According to the CTO of Cloudflare, the service may have leaked sensitive information since September 22nd of last year. The bug leaked memory contents of websites including passwords, cookies and personal information. Per an official report, “the greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).”
The most notable sites utilizing Cloudflare are Authy, Coinbase, Bitpay, Uber and Blockchain.info. Many others are said to be affected as well, as Cloudflare provides services for over 5 million websites. The most popular sites that utilize Cloudflare have already sent out warning emails to users, but regardless it is recommended to change your passwords frequently in this age of growing cyber attacks. Further information about the bug can be found in the official notice here.