I suggest you change your passwords on pages which using/used cloudflare. Source: https://github.com/pirate/sites-using-cloudflare
@CK thanks for the heads up dude I already change mine when MDL suffer damn attack and I follow Daz instructions in this time maybe I need change another time??
I have not looked at your list yet but did you include app's. What I mean by that is lets say you use an android app that connects to FaceBook and that app uses CloudBleed CloudFair as it's server.
Yes for example some popular apps are affected by this, e.g. Discord which uses cloudflare. The good thing is that you can still use 2-factor and change your password and you 'should' be safe.
Another thing do you find the timing of the Google WiFi hub (or whatever its called) and FaceBook Having problems with people trying to log on and not being able to.
Sorry I not know anything when it comes to facebook. I assume they using own services and they should be secure. Of course everything is possible we are all only humans and making mistakes.
I know that FaceBook does not but there are a ton of apps for it (I think anyway) that might use it. Anyway I was just thinking out loud. Check a site to see if it was affected by CloudBleed. http://www.doesitusecloudflare.com/
MDL shouldn't be affected by this since we didn't have the settings enabled that caused the problem. We've also received an email from Cloudflare to confirm this. It should be made clear that the list of sites using Cloudflare doesn't reflect who was and wasn't affected. Of course you should change your passwords anyway, just to be safe.
This is wrong, the list is from Cloudflare. I think they now better. Edit: The thing is that we not know what exactly is 'affected' since there is no information on this, which is already mentioned over here and here. But I made a pull request just in case to not confuse people as long there is no evidence that something was compromised.
Source: It's in the GitHub pages disclaimer. If you didn't use automatic HTTPS rewrites, server side excludes & email obfuscation then you shouldn't be affected. The GitHub page is totally unofficial and is nothing but pointless guess work.
The problem is not even an Admin/Webmaster can see if the page is compromised since the traffic is encrypted and you never know if it wasn't captured or in other ways compromised. But that's the part why I've said, no evidence.
The three settings that I've mentioned caused the leak in the HTML parser. If you already had them turned off like MDL did then you shouldn't have any bad data cached. Source: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/ I had personally checked multiple search engines as soon as the news broke. I didn't find any bad data and then eventually we received an email from Cloudflare to say that we're unaffected. Could the leak of affected other sites? Sure, but I'd bet that at least 90% of the sites on that list are perfectly fine. You should ignore coderobe's reply on GitHub as he's not taking into account what settings CF customers used. The people who have access to the GitHub page can't prove that most of the sites aren't affected, so they're choosing not to trust what Cloudflare or their customers tell them. We're all being put on a list that just spreads a little FUD. You should know that we've only been using CF as a proxy for a few months now. We also don't get a lot of our pages cached due to all of the bogus DMCA takedown requests that go against us, so don't worry about getting MDL removed from the list.