Web services company Cloudflare revealed late yesterday that it had experienced a large-scale memory leak. About two million websites use Cloudflare for services like content delivery and Internet security. Creative Commons uses Cloudflare, and we investigated this issue as soon as it was reported.
We have not found any cause for concern—as far as we know, CCID login data was not exposed. And because our donor data did not touch the Cloudflare service, we do not believe it was ever at risk. Additionally, Cloudflare has contacted us directly and informed us that we are not among the sites they know of that were affected by the leak.
Despite this, out of an abundance of caution, we are requiring all CCID users to reset their passwords. We are sending emails to CCID users asking them to do this immediately by going to login.creativecommons.org.
If there are any changes, we will be in touch to let you know. For more information about the Cloudflare memory leak, read the company’s incident report.