Comment by HappyTypist

Why is your company severely downplaying it?

Honestly, this is the biggest security incident in a long time, and proper mitigation would probably warrant:

- forcefully terminating all cookies on CloudFlare sites, cloudflare already injects JS onto the page anyway

- MITMing all CloudFlare sites with a warning for users to change their passwords