The cloud is bleeding! Gizmodo CNN Wikipedia Or more specifically, CloudFlare's proxy service is occasionally leaking data that is then getting cached by accident by webcrawlers and search engines. This data includes things like passwords, PII, encryption keys, http requests, and in general lots of scary stuff. So what does that mean for you? Probably nothing, unless you're paranoid; the chance of your passwords and PII getting leaked specifically is very low. There's no sign of significant leakage nor of traffic that indicates exploitation. According to CloudFlare, the only sites that actually were noticeably leaking were mainly old Wordpress sites, which I think have been known to be massive security holes for a long while. If you're paranoid, it means change your passwords, but if you're paranoid everything means change your passwords. Where? Well, here is a github link where you can download a long list of sites using CloudFlare (warning: long; millions of sites are listed, not all of them are necessarily vulnerable) that you can search for the sites where you think you might be concerned, i.e. sites that you need a password for. CloudFlare hosts a good chunk of the internet, even if the vast majority of CloudFlare wasn't subject to this bug, so you'll have to decide for yourself how much you're going to change. I would suggest at least the ones where you put money on the internet, and the ones where you post things that you want attributable to your username but not your IRL self. Anyway this weekend is off to a great start.
Pretty sure someone on the Kintsugi Discord said that Xenforo does use cloudflare, so I went and changed my pw just in case. The other notable sites I've seen that use cloudflare that might be affected are Discord and Patreon.