Have other free users also received this email?
check https://dash.cloudflare.com/?to=/:account/my-activities
I did find an email from Cloudflare in April 2011 (seven months after CF started to offer services) which was a response to a support request. I guess that things have changed in the intervening years so that the original link to keep track of my support request no longer works!!
I'll give them a break on this!
I actually do have a support case history with them, and I’d like to review what data has been lost. I’ve been a customer for over a decade. I have no clue what was in that history because I’ve filed numerous tickets over the years. They have made that impossible without paying them, even if you’ve paid them in the past.
They clearly failed to test their process on each account type.
I guess we could send individual data subject requests to their DPO, but that is probably more costly for them.
Important to remember that security practitioners and vendors are actually on the same team when it comes to criminal behavior, and maybe it’s better to treat others with grace.
1: https://blog.cloudflare.com/how-cloudflare-mitigated-yet-ano...
Does anyone have an action plan yet?
Given that Salesforce support case data contains the contents of support tickets with Cloudflare, any information that a customer may have shared with Cloudflare in our support system—including logs, tokens or passwords—should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel.
htrp•5mo ago
Great response
> We are responsible for the choice of tools we use in support of our business. This breach has let our customers down. For that, we sincerely apologize. The rest of this blog gives a detailed timeline and detailed information on how we investigated this breach.
And a mea culpa for their 3rd party vendor choices (impressive)