There are many sites potentially affected by the recently uncovered cloudflare memory leak bug below.
Read this list to get an impression: [WayBack] sites-using-cloudflare/README.md at master · pirate/sites-using-cloudflare
Basically you should change your passwords, 2FA authorisations and any other security hooks going through these sites. There are 1000s of them, including many major sites.
The reason for being so cautious is that the leaks have been cached on many systems, including Google Search. Many providers have scrubbed caches, but the information could still be in some caches, or the caches of end-user machines.
Background reading:
- [WayBack] 1139 – cloudflare: Cloudflare Reverse Proxies are Dumping Uninitialized Memory – project-zero – Monorail
- [WayBack] Incident report on memory leak caused by Cloudflare parser bug
- [WayBack] Cloudbleed: Cloudflare leaks sensitive data, many major websites affected
- [WayBack] Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended [U] | 9to5Mac
- [WayBack] I thought I’d write an update on git and SHA1, since the SHA1 collision attack was so prominently in the news… – Linus Torvalds – Google+
–jeroen
