Cloudflare, which is used by more than 5.5 million websites, accidentally leaked mass amounts of sensitive user information from those sites, including passwords, private messages, hotel bookings, and more between September 2016 and February 18th of this year. The leak has been dubbed ‘Cloudbleed’.
Security researcher, Tavis Ormandy, identified the vulnerability, which is the result of a software bug in their code, known technically as a buffer overrun. According to a blog post from Cloudflare, “our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data” and that they have not found “any evidence of malicious exploits of the bug or other reports of its existence.”
[reference : blog.dashlane.com]