tl;dr CloudFlare has stated that Adafruit’s sites were *NOT* part of the CloudFlare issues.
Adafruit uses CloudFlare’s proxy service to reduce server load and provide a faster browsing experience for customers using the Adafruit blog and shop.
CoudFlare announced that a major leak was detected in their network which affected a number of sites using their proxy service (https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/).
According to CloudFlare, only a small number of sites were affected. After contacting them, CloudFlare engineering confirmed that *NONE* of Adafruit’s domains were in the affected zones.
== EMAIL FROM CLOUDFLARE = REDACTED NAME
Feb 24, 5:49 PM GMT
Hi, Thanks for contacting Cloudflare Customer Support. We have notified all the customers the were affected by the memory leak and I can confirm the zones on your account were not one of them. Our CTO John Graham-Cumming has published all of the information we have here:
Please let us know if you have any other questions.
– Cloudflare Senior Support Engineer
Adafruit takes protecting your data very seriously, we took the following steps in an abundance of caution:
Disabled CloudFlare proxy service on the Adafruit Accounts system.
To defend against the possibility that active session cookies were leaked, we closed all active user sessions across Adafruit’s websites.
Check the list of potentially affected sites (https://github.com/pirate/sites-using-cloudflare) and change your password for any of those sites.
Change your passwords (we always recommend that you use strong and unique passwords for each site that you use; please don’t reuse your Adafruit website anywhere else).
Adafruit has made a pull request to the folks that list us on the “sites-using-cloudflare” (https://github.com/pirate/sites-using-cloudflare) list including the note from CloudFlare support indicating that we were not affected by the memory leak.