Sensitive personal data including cookies, API keys, and passwords has been leaked by web optimization giant Cloudflare. The company — which provides SSL encryption to millions of sites across the internet — announced the leak in a detailed post on its blog last night. The company said that it had not yet identified any malicious uses of the information, but noted that there was an additional problem because some of the data had been cached by search engines.

The problem was initially spotted by Tavis Ormandy, working for Google's Project Zero security initiative, on February 18th, but the flaw may have been in effect as early as September 22nd last year. Cloudflare says the biggest outpouring of information started on February 13th when a shift in code meant one in every 3,300,300 HTTP requests potentially resulted in memory leakage — a significant figure for a network the size of Cloudflare

http://www.theverge.com/2017/2/24/14723184/cloudflare-leak-cloudbleed-passwords-dating-site-messages