Full details here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
In summary:
Memory-related vulnerability in CloudFlare's reverse proxy software caused data to get mixed up.
Sensitive data (passwords, cryptographic keys, PII, and so on) ended up in Google's scrapes, and likely those of everybody else.
Assume all of your passwords and PII to be compromised; there's no reliable way to tell what sites were using CloudFlare when, or whether they were affected.
Change your passwords everywhere immediately, and keep an eye on your finances. Don't wait for notifications from vendors.
In summary:
Memory-related vulnerability in CloudFlare's reverse proxy software caused data to get mixed up.
Sensitive data (passwords, cryptographic keys, PII, and so on) ended up in Google's scrapes, and likely those of everybody else.
Assume all of your passwords and PII to be compromised; there's no reliable way to tell what sites were using CloudFlare when, or whether they were affected.
Change your passwords everywhere immediately, and keep an eye on your finances. Don't wait for notifications from vendors.
Code:
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/?utm_content=buffere476a&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
