I didn't connect or used Coinbase for months [...] but I just thought I should let you guys know because probably the Cloudflare leak has something to do with it.
If you accessed a website that employed cloudflare during the relevant timeframe, then when you entered your password on a cloudflare website, your password would pass through cloudflare and potentially be contained in another cloudflare website. If you did not access coinbase in the relevant timeframe, then your password could never have passed through cloudflare and thus could never have leaked onto another cloudflare site. The only time that your password could have leaked is when you entered your password, after that only your authentication cookie could have leaked, which ideally was revoked/invalidated when the issue was discovered.
A much more likely scenario is that your password to another website/exchange was leaked, and someone tried that same password on your coinbase account. Even if you use similar but different passwords across accounts, this vector would be possible.
