As you may have seen, there was a recent and widely publicised bug
in the Cloudfare service. You can read more about the bug here:
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
https://github.com/pirate/sites-using-cloudflare
Since the IETF uses Cloudfare for our public-facing website, you may
be wondering whether there are IETF effects.
I wanted to let people know that we performed an initial analysis
of the possible impacts on Friday. The site www.ietf.org is primarily
static and the more interesting content is at datatracker.ietf.org
and various wikis that are not hosted at Cloudfare. However,
we we realised that there are a few groups of users (such as
the ADs) who use IETF credentials on www.ietf.org.
Consequently, it is possible that some of these credentials were
compromised. We’ve taken the precaution of changing the
potentially affected passwords. As the analysis continues in
the starting week, if we identify further groups that may be
affected, we may be asking you to reset your passwords;
if you get such a request, please take action as soon as
possible.
For your information, datatracker passwords can always
be changed here:
https://datatracker.ietf.org/accounts/password/
Jari Arkko, IETF Chair