Cloudflare, a major network providing enhanced performance and, ironically, security for millions of websites has released a report detailing a serious flaw in their software. The leak exposed sensitive data such as passwords, authentication tokens, cookies, and more and could be collected by anyone who took notice of the error. The list of websites afflicted by this issue is not complete but a list is being compiled on Github and includes Discord, Reddit, Patreon, Authy, Fiverr, and many more. It is strongly advised that you change all of your passwords, even if you have Two-Factor Authentication enabled (as Authy is listed as compromised too). If you don’t have 2FA, you should set it up on any website that allows for it (Twitch, Twitter, Discord, Gmail, etc).
- Do not use the same password across all sites. Create a pattern that makes each password unique but memorable.
- Use a password manager such as LastPass
- Create a running list of website passwords you have changed so far