Posted February 24, 2017
https://blog.discordapp.com/safety-jim-psa-cloudflare-security-issue-77a4ecc48298#.uttnkw6ol
"The Important Technical Bits From Our CTO Stan:
Cloudflare disclosed today that they have fixed a bug reported by Google’s Project Zero that was very rarely exposing sensitive information in random requests (0.00003% of all requests) since September 2016. There was no way to target specific information and the exposed information was random.
For those that are unaware Cloudflare is an internet proxy that protects website from malicious attacks such as DDoS. Discord and many other websites were affected by this vulnerability. You can find a full list of websites that are using Cloudflare here.
The likelihood that your information was leaked on any of these sites is very low, but we highly recommend changing your password on Discord and any other sites you use that also use Cloudflare. If you develop against the API on any of the sites, it is also recommended to reset your API key.
At the current time we do not believe performing a forced password reset on all of Discord is necessary given the incredibly low likelihood of impact, but we are continuing to evaluate as we wait for Cloudflare to provide us directly with the full level of impact.
Stay safe on the internet!"
"The Important Technical Bits From Our CTO Stan:
Cloudflare disclosed today that they have fixed a bug reported by Google’s Project Zero that was very rarely exposing sensitive information in random requests (0.00003% of all requests) since September 2016. There was no way to target specific information and the exposed information was random.
For those that are unaware Cloudflare is an internet proxy that protects website from malicious attacks such as DDoS. Discord and many other websites were affected by this vulnerability. You can find a full list of websites that are using Cloudflare here.
The likelihood that your information was leaked on any of these sites is very low, but we highly recommend changing your password on Discord and any other sites you use that also use Cloudflare. If you develop against the API on any of the sites, it is also recommended to reset your API key.
At the current time we do not believe performing a forced password reset on all of Discord is necessary given the incredibly low likelihood of impact, but we are continuing to evaluate as we wait for Cloudflare to provide us directly with the full level of impact.
Stay safe on the internet!"