Comment by problems

Yeah, I got this this morning too. It seems to be a pretty big downplay - it should be closer to "change all your passwords, have all your customers change all their passwords". They're busy shredding data from caches, but anyone scraping cloudflare sites in recent days might have data around that they'll never know about.

But I don't blame them entirely - it's unlikely this will have been used and unlikely a given customer's data would be present, so it'd induce panic which would probably never have resulted in an attack.