Cloudflare reveals the extend of "Cloudbleed," the bug leading to the mass leaking of encrypted browsing sessions-- it was triggered over 1 million times in the past 6 months before it was patched.
According to the post-mortem by Cloudflare CEO Matthew Prince there is "no evidence" the bug was maliciously exploited, even if it had the "potential to be much worse." In total the bug was triggered 1.2 million times from 6500 websites, and the company is still going through Google, Microsoft Bing and Yahoo search engine caches to scrub leaked data off the memory of cached sites.
“We’ve successfully removed more than 80000 unique cached pages," Prince writes. "That underestimates the total number because we’ve requested search engines purge and recrawl entire sites in some instances."