Cloudflare Data Leak

[Ignis]

It was disclosed today that Cloudflare, the CDN (content delivery network) provider we use, had a bug that could expose any unencrypted information being transferred between a site powered by Cloudflare and its end-users. Among the possible information exposed are user passwords and other user credentials.

For more information, please check out Ars Technica or security researcher Ryan Lackey's post on Medium.

I should note two things:

1. There has been no report of concerted efforts attempting to maliciously peruse the exposed information.
2. ASF does not have the affected feature set. We're most likely safe.

However, it's always better to be safe than sorry, and the bug could still affect third-party sites. Therefore, we strongly suggest that you change your ASF password as soon as possible. Pick a strong one. If you don't already, I also highly recommend you use a password manager like LastPass or KeePass, both of which have a password generator. Today is as good as any to start caring more for your own security.

Thank you for your understanding.

 

[corocoro]

Update: We have received information from CloudFlare that nothing was leaked from our systems.
Still, other websites might not have been so lucky. So this is a good chance to remind people to use unique passwords on all services and store them in something like KeePass or LastPass.