As you may have heard, there was a security incident on one of the services that TADS uses, Cloudflare. This security incident potentially exposed data from a small set of specifically-configured websites — Cloudflare has been in contact with TADS to confirm our services were not affected and no data was leaked. This is of course great news. We will continue to monitor the situation and update our users with any new information.
For more technical information, please see the Cloudflare blog on the incident here: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
March 1st update from Cloudflare:
Based on our analysis so far:
• We have found no evidence based on our logs that the bug was maliciously exploited before it was patched.
• The vast majority of Cloudflare customers had no data leaked.
• After a review of tens of thousands of pages of leaked data from search engine caches, we have found a large number of instances of leaked internal Cloudflare headers and customer cookies, but we have not found any instances of passwords, credit card numbers, or health records.
• Our review is ongoing.