So just in case people haven’t seen the dozens of article on the web. Looks like cloudflare had some HTTPS traffic leak.
Originally found by taviso@
A decent write up by octal
On going list of sites affected on github
Some sites are reporting that they may not be affected as they were just using cloudflare’s managed DNS and not the proxy. However, I’d recommend changing passwords for sites as necessary, stay safe out there.
Except in this case, that might not help, because one of the things potentially leakable is the 2FA shared secret.
Ninja Edit: Obviously, I mean if you inititally enabled 2FA during this leaking period, it is potentially among the pieces of data bleed by CloudBleed.