Cloudflare was disclosing a lot of private data, including login passwords and authentication cookies.
Uber, Fitbit, 1Password, and OKCupid are just a few of the big names affected by the Cloudbleed security flaw in Cloudflare servers.
Because mobile apps are created with the same backends as browsers for HTTPS (SSL/TLS) termination and content delivery, they are likewise impacted by Cloudbleed.
The fact that Cloudflare directed Ormandy to the company's bug bounty programme and offered the expert a t-shirt as payment in lieu of cash is highly unusual.
Source: https://securityaffairs.com/56617/data-breach/cloudbleed-cloudflare-flaw.html
"id": "OKC642191123",
"linkid": "okcupid.com",
"type": "Data Leak",
"date": "02/2017",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"