Moodle HQ recently became aware of a global security bug issue in Cloudflare. Details of the issue are here - https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Moodle uses some of Cloudflare’s services, but please note that the majority of systems have not been impacted by this issue.
Moodle HQ believes that moodle.org or moodle.net passwords were NOT affected, however, we highly recommend that if you do have accounts for both or either sites to:
- Change your passwords
- Make sure that you do not have the same password across multiple sites
If you have further queries please post your questions here or follow @moodlesites on Twitter for any necessary updates.
For those interested in this in general, here is the list of domains using Cloudflare services that are possibly affected by this issue: https://github.com/pirate/sites-using-cloudflare. There are some very popular sites on that list.
An important step to take in this situation is to log out of any of those sites that you regularly visit to clear your session information; then change passwords. (And consider enabling two factor authentication on them if they support it.)
Glad to see Moodle stepping up and informing people about this!