
Cloudflare security vulnerability

Publish Date: Oct 13, 2022
Description

At Salesforce, trust is our #1 value and we take the protection of our customers' data very seriously. On February 23, 2017, Cloudflare, an embedded content delivery network and internet security services provider, disclosed a security vulnerability in their edge servers, which could expose information such as HTTP cookies, authentication tokens, and HTTP POST bodies. Cloudflare has mitigated the vulnerability. Information regarding the vulnerability can be found here:

Incident report on memory leak caused by Cloudflare parser bug

https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

 

Salesforce has completed an investigation into the impact to Salesforce customers, and we have communicated our findings directly with any impacted customers. 

 

That said, if your organization uses Cloudflare, it is good practice to consider the possibility that the credentials you use to access Salesforce may have been exposed. In particular, you should review any integration points with Salesforce where your applications might use "OAUTH" authentication. In certain configurations, it is possible that your use of Cloudflare could result in information being exposed. Similar issues could also exist with third-party services that you have integrated with Salesforce and which, in turn, use Cloudflare.

If you believe that your integrations may have exposed data, consider resetting all Salesforce OAUTH tokens, as documented here:

Manage OAuth-Enabled Connected Apps Access to Your Data

https://help.salesforce.com/articleView?id=remoteaccess_request_manage.htm&language=en&type=0

 

We will provide additional details through our standard communication channels as needed. We appreciate your trust in us as we continue to make your success our top priority.

Knowledge Article Number

000384065

 