Cloudflare was disclosing a lot of private data, including login passwords and authentication cookies.
Uber, Fitbit, 1Password, and OKCupid are just a few of the big names affected by the Cloudbleed security flaw in Cloudflare servers.
Because mobile apps use the same backends as browsers for HTTPS (SSL/TLS) termination and content delivery, they are likewise affected by Cloudbleed.
It is highly unusual that Cloudflare directed Ormandy to the company's bug bounty programme and offered the expert a t-shirt as payment in lieu of cash.
Source: https://securityaffairs.com/56617/data-breach/cloudbleed-cloudflare-flaw.html
TPRM report: https://scoringcyber.rankiteo.com/company/uber-com
"id": "ube634191123",
"linkid": "uber-com",
"type": "Data Leak",
"date": "02/2017",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Transportation',
'name': 'Uber',
'type': 'Company'},
{'industry': 'Fitness Technology',
'name': 'Fitbit',
'type': 'Company'},
{'industry': 'Cybersecurity',
'name': '1Password',
'type': 'Company'},
{'industry': 'Dating',
'name': 'OKCupid',
'type': 'Company'}],
'attack_vector': 'Exploitation of Cloudflare servers',
'data_breach': {'type_of_data_compromised': ['login passwords',
'authentication cookies']},
'description': 'Cloudflare was disclosing a lot of private data, including '
'login passwords and authentication cookies. Uber, Fitbit, '
'1Password, and OKCupid are just a few of the big names '
'affected by the Cloudbleed security flaw in Cloudflare '
'servers. Because mobile apps are created with the same '
'backends as browsers for HTTPS (SSL/TLS) termination and '
'content delivery, they are likewise impacted by Cloudbleed.',
'impact': {'data_compromised': ['login passwords', 'authentication cookies']},
'title': 'Cloudbleed Security Flaw',
'type': 'Data Breach',
'vulnerability_exploited': 'Cloudbleed'}