Change your passwords. Right now

Cloudflare’s massive web services and security systems memory leak can reveal user data from thousands of sites. In other words: it's time to change your passwords .

There is still a lot to learn about the extent of the possible harm to this leak, which Cloudbleed already called - similar to Heartbleed that took place as early as 2014. However, even what is already known is very alarming - a part of the leak that possibly contained user data could get into the cache search engines. This potentially allows for greater dissemination of private data than the leak itself.
')
Cloudbleed has been detected February 18 By Tavis Ormandy, security analyst at Google Project Zero. How exactly the memory leak was detected and corrected in detail is described in detail in this post (English). According to Cloudflare, “the largest amount of leakage was from February 13 to 18, with about 1 out of every 3,300,000 HTTP requests through Cloudflare (this is about 0.00003% of all requests, or about 100–200 thousand private pages per day).”

Although there is still no official list of affected sites, but many services ask users to change their passwords independently of Cloudbleed. User Github published a list of sites (English) compromised, in his opinion and with the proviso that "just because the domain is in the list does not mean that the site is hacked, and sites can be compromised, but not in this list." Based on the data collected, he claims that more than 4 million sites are at risk. According to Cloudflare itself, more than 1,000 domains have been compromised.

The most alarming thing about this is that even 2-factor authentication does not protect against this type of leakage and, presumably, also requires a password change.

Meanwhile, Cloudflare is trying to sweeten the pill by posting notes like "We also did not find any evidence of malware using this leak", although this is just what any big company that would be involved in such a giant leak would say.

The following are some of the more well-known sites that are believed to be at risk.

You can read the list, but it is better to change passwords first.

authy.com
coinbase.com
bitcoin.de
betterment.com
transferwise.com
prosper.com
patreon.com
bitpay.com
news. ycombinator.com
producthunt.com
medium.com
4chan.org
yelp.com
okcupid.com
uber.com
poloniex.com
localbitcoins.com
kraken.com
23andme.com
curse.com (and several other Curse sites, for example, minecraftforum.net)
counsyl.com
tfl.gov.uk
account.leagueoflegends.com
myaccount. nytimes.com
technicpack.net
cloudflare.com
blockchain.info
discordapp.com (leak confirmed)
digitalocean.com (data leakage not found in search engine cache)
namecheap.com (data leakage is not detected in the search engine cache)
glassdoor.com (data leakage is not found in the cache of search engines)
vultr.com (data leakage is not found in the cache of search engines)
tineye.com
feedly.com
thepiratebay.org
pastebin.com
upwork.com

UPD :

@PHmaster recommends:

Found such a useful service here: cloudbleed.imtqy.com
Shows which sites from the list of potentially compromised you visited.