I want to add that Cloudflare personally sent out emails to all affected parties, as well as those that were unaffected. Here's an excerpt from the email sent to MP:
"In our review of these third party caches, we discovered exposed data on approximately 150 of Cloudflare's customers across our Free, Pro, Business, and Enterprise plans. We have reached out to these customers directly to provide them with a copy of the data that was exposed, help them understand its impact, and help them mitigate that impact.
Your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found."
"In our review of these third party caches, we discovered exposed data on approximately 150 of Cloudflare's customers across our Free, Pro, Business, and Enterprise plans. We have reached out to these customers directly to provide them with a copy of the data that was exposed, help them understand its impact, and help them mitigate that impact.
Your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found."
are you saying we dont need to do those changes like password, app secret and 2FA?
This is what i get from cex.io about 2fa
Quote
Important! Security Alert
Dear user,
Following a bug discovered in Cloudflare DDoS protection system, we strongly advise that you update security on your accounts. Please do the following at the nearest time:
Change password
Reset your 2FA key (disconnect 2FA and connect it again)
Renew your API keys (that also concerns mobile app users, please disconnect and reconnect it to CEX.IO)
Although the bug affected only a very small percentage of connections, safety is the first priority, and we recommend updating your security settings on all affected services.
The issue has already been repaired by Cloudflare, so there is no danger at this moment.
Dear user,
Following a bug discovered in Cloudflare DDoS protection system, we strongly advise that you update security on your accounts. Please do the following at the nearest time:
Change password
Reset your 2FA key (disconnect 2FA and connect it again)
Renew your API keys (that also concerns mobile app users, please disconnect and reconnect it to CEX.IO)
Although the bug affected only a very small percentage of connections, safety is the first priority, and we recommend updating your security settings on all affected services.
The issue has already been repaired by Cloudflare, so there is no danger at this moment.
thx bunt
but cex is not MP and my question would be if I need to renew 2FA with MP is it easy to do? like disable 2FA and enable again 2FA?
will it be that simple?
If you would like to change your 2fa change it.
( very much appreciated )