Seems for the last several months Cloudflare has been leaking https sessions.
I know a lot of private trackers use Cloudflare, so a lot of info for those sites could be floating around out there, including passwords.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
33 commentsshare

https://www.reddit.com/r/trackers/comments/5vw3rs/psa_change_your_passwords/

https://github.com/pirate/sites-using-cloudflare

Is sbi effected by that CloudBleed ? That a horror movie for security and online privacy.

Is sbi effected by that CloudBleed ?
no

I wouldn't worry about it. If I did worry, i can't change the password of 100 accounts...
Let the hackers have them.

This is a nightmare. Thankfully we weren't using any of the features that required their broken parser.

Many trackers use it. Shit !


I wouldn't worry about it. If I did worry, i can't change the password of 100 accounts...
Let the hackers have them.

+1

This is a nightmare. Thankfully we weren't using any of the features that required their broken parser.

In a situation like this, there's nothing you can do. If you are a guy that has less 20 accounts, you might change them in time before anyone can get their hands on them. But when you have hundreds of accounts, trackers, warez, various forums, there is jut no way to change them all. You start today and you finish in 4 days of changing passwords and still not done.