Cloudflare has had a megabug.
CHANGE ALL YOUR PASSWORDS EVEN IF IT TAKES YOU HOURS.
Read this security write-up, it’s really worth it: https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
As a genuinely wise person on HN (https://news.ycombinator.com/item?id=13718752) said:
If you were behind Cloudflare and it was proxying sensitive data (the contents of HTTP POSTs, &c), they’ve potentially been spraying it into caches all across the Internet; it was so bad that Tavis found it by accident just looking through Google search results.
In a line: your secrets cached via cloudflare may have been leaking.
ALSO, if you use cloudflare in your own stack, please cycle (regenerate and swap) your secret keys. You should also consider what user data may have been made vulnerable and communicating this to users.
I’m off to start work on a log cabin in Greenland.