Posting here as it affects patreon , but because of a cloudflare error , since September 5 million sites have been puking out https data . any password entered on an affected site from that time should be presumed compromised. you can and probably will learn more on social media under the tag cloudbleed.

A few more compromised sites that might be relevant to users here:

Here is a list @ChrisMRobinson shared on discord

Authy.com is on the list too.

just the top 10 k are there. do not presume if a site you use is not on there you are off the hook.

case in point, greenmangaming . personally just presume everything is compromised. uber, fitbit etc

Yes its not a complete list, a lot of sites use cloudflare I am told.

Many sites on the internet use cloudflare. Mainly to prevent DDoS Attacks and improve performance.

But as the disclaimer on the aforementioned list reads:

This list contains all domains that use cloudflare DNS, not just the cloudflare proxy (the affected service that leaked data). It’s a broad sweeping list that includes everything. Just because a domain is on the list does not mean the site is compromised, and sites may be compromised that do not appear on this list.

Being vigilante in the next days is important, as the possible affected sites investigate the possibility of data breaches.
Hopefully they inform their customers. If not, one can always start a “change all the passwords” run in the following days.

Do you know: http://www.doesitusecloudflare.com/?

Those incidents are always a good reason to rethink one’s own password strategy. (Password Strength, Using 2FA, Password Storage & Recovery)