Comment by joepie91_
8 years ago
This is probably a good moment to recall the article I published a while ago about how CloudFlare is actively putting the web at risk: http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-hav...
This is precisely why. The only thing that surprises me about this, is that it was an accidental disclosure rather than a breach. Other than that, this was completely to be expected.
EDIT: Also, this can't be repeated enough: EVERYBODY IS AFFECTED. Change your passwords, everywhere, right now. Don't wait for vendors to notify you.
Anything could have irrevocably leaked, and you have no way of knowing for sure, so assume the worst.
I can't change my Uber password - first, the only way to do so is via the 'Forgot your password' dialogue, and second, that now produces a 500 error from NGINX.
Lots of services are going to crumple under the weight of frantic password-reset requests.
Related: http://crimeflare.com/
Just looking at that site... what's so bad about Wikipedia? There's a lot to criticize about Wikipedia, but I've never heard of them violating someone's privacy.