Posted 4 weeks ago
I raised this in the staff forum this morning.
The risk of information leakage is very low, though there have been a few examples of sensitive data being cached by Google and other services these appear to be the exception rather than the norm.
However for the sake of safety I would recommend people log out of any current sessions involving potentially affected services- including GTAForums and Discord- deleted cookies and then logs back into generate a new authentication token. This will mitigate the most significant possible risk, which is that user sessions could be hijacked.
If you'd feel happier also resetting your password I wouldn't discourage it, but currently don't think it is necessary.
Myself and a few others have also noticed that providers such as Google have been resetting tokens for user accounts associated with services using CloudFlare. This is not a password reset, simply an expiring of an existing auth token and a forcing of users to log back in. The advice above mirrors what other providers appear to have been doing in response to this bug disclosure.
If anyone wants more information or to discuss anything they suspect may be related, feel free to post in this thread or send me a PM.
Spider-Vice, Nico, GTAKid667 and 6 others like this