In December, CMB suffered from some sort of connection issues. From my research, it appeared that we may have been the victim of DDoS attacks. In an effort to prevent further attacks, I signed the site up with CloudFlare.
Today I found out that CloudFlare suffered a serious memory leak. What made it worse is that search engines were apparently able to cache this information. Private information like passwords, private messages, cookies, etc appear to have been leaked.
Many websites use CloudFlare's services, so I STRONGLY RECOMMEND changing ALL of your passwords on EVERY website, including your passwords here at CMB.
To change your CMB passwords, go to your User Control Panel, click on Profile, and then click on Edit account settings. You'll see a spot where you can type in a new password, confirm (retype) the new password, and then at the bottom confirm the current password. Hit Submit. You can ignore the Username and email address fields when you are only changing your password.
Here are some links for further reading:
The bug was apparently discovered by Project Zero: https://bugs.chromium.org/p/project-zer ... d=1139#c25
CloudFlare's blog post about it: https://blog.cloudflare.com/incident-re ... arser-bug/
Lists of possibly affected sites:https://github.com/pirate/sites-using-cloudflarehttp://doma.io/2017/02/24/list-of-affec ... mains.html