Long story short, it’s recommended that you change your passwords whether you use Cloudflare or not.
A memory leak from company Cloudflare might have exposed user data several (thousands) sites using the service. Some of the leaks, which could have included user data, were possibly cached by search engines.
This security issue was discovered by Tavis Ormandy – Google’s security analysis team Project Zero. According to Cloudflare, in a blog post, “the greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage.”.
Here are a few of the sites believed to be at risk (source: WPTavern). If you have an account registered with these websites, change the password NOW. In fact, even if it’s time-consuming I think I’m not overreacting when I say it’s time for a global password change, once in a while we should all take care of this task.