Cloudbleed: massive data leak from thousands of sites

Dragan Wilde

[UPDATE 1] Cloudflare claims around 150 sites were affected by this particular bug.

Today (24 Feb 2017) a bug tracker entry revealed a Cloudflare bug which, under certain circumstances, could leak your data to someone else's browser, including logins, passwords, private messages, cookies, hotel bookings, HTTPS requests: basically all kinds of sensitive data. It has been happening since 22nd September. Thousands of sites that rely on Cloudflare to operate, including Uber, Fitbit and OK Cupid, are affected by this bug. Picture it as walking into a random restaurant and, at the moment of ordering, seeing a random person's wallet with their ID card or credit card info.

You're strongly advised to change your passwords on all the sites you use. Nobody knows whether your password got leaked to someone else (and it probably did).

If you want to know how many of the sites you browse use Cloudflare, head to http://doesitusecloudflare.com


## Is my Telegram account safe? ##

If you didn't enable two-step verification, your account remains fairly well protected; however, you're still encouraged to turn it on (you can do it in Settings -> Privacy and security -> Two step verification). However, if you turned on two-step verification and didn't use a unique password for Telegram, you should change your password as soon as possible. There's no need to panic though: your account is still protected by SMS verification.


## How can I protect my accounts? ##

First of all, you should never use a password that is easy to guess, like qwerty, login1, zaq1@WSX or YourPetName123. You should also set up different passwords for at least your bank account, email and instant messengers. The best option is to use a password manager like KeePass, free and open source software available on every OS. It generates a completely different random passphrase for each of your accounts, and all you have to remember is one master password for your password database. If you already have to change all your passwords, then why not give it a try? Head to:

http://keepass.info/download.html

The site includes links to alternative password managers, including, but not limited to, KeePassX: https://keepassx.org

and KeePassDroid: http://www.keepassdroid.com

You should set up as strong a master password as possible and avoid ones that are easy to guess. It's just one password that you'll use often, so don't be afraid to set up something hard. Just remember you can't recover the database password in those apps, so make sure to write it down and put it somewhere safe.

