Comment by arestor
8 years ago
Some features had a bug which lead to uninitialized memory (AKA previous memory contents) in the output of a malformed HTML page was requested.
As one such server handles many sites, everything that the server handled before that request may be compromised. This includes all HTTP-GET/POST data (credentials, direct messages to other users, ...), Headers (API tokens, Login-Cookies) and contents.
So, you have to assume that everything you did on a CF "protected" website in the last months (especially between 2017-02-13 and 2017-02-17) is potentially compromised.
Where is a reliable list of CF-protected websites so I may identify which ones I have interacted with?
An unofficial list is being compiled here: https://github.com/pirate/sites-using-cloudflare