Cloudflare, is a service that helps optimize the security and performance of more than 5.5 million websites along with providing denial of service attack protection. A Cloudflare security bug was reported yesterday which may have resulted in memory leaks that could have contained private information and even cached by search engines. The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).
BolehVPN had ceased using Cloudflare at the end of January due to privacy concerns so we are outside the stated period but as Cloudflare’s leakage may have been active since 22 September, we are strongly advising users to change their passwords as a security precaution.
To clarify, the bug was at Cloudflare’s end, not BolehVPN’s and we were not using Cloudflare during the period of greatest impact.
You can read a more detailed post on Cloudflare’s bug here.