Once again, there's been a major data breach, and this one was so bad that Google started indexing people's private data, making it searchable (not Google's fault, and they're working around the clock to scrub it). The breach is linked to a vulnerability in Cloudflare, which has several uses but is most commonly used as a Content Delivery Network. I was alerted to it early Friday (yesterday), and at the time it looked like a problem just for webmasters using Cloudflare. Now we know it goes way beyond that. Here is the list of suspected sites affected by the breach.
The Good News: It appears that this was caused by a software bug in Cloudflare's code, and was not a deliberate hack. Engineers at Google discovered the vulnerability and notified Cloudflare, and Cloudflare was able to contain the leak within 44 minutes and completely patch the system in 7 hours.
If you're as tired as I am of these constant breaches, it's probably time to move to a password manager. LastPass is the best known password manager and it's very good, but Dashlane is my preference. I've met the CEO and I got to know their operation a bit while I was living in Paris, and these guys live, eat, and breathe security.