I'm glad to see an article that isn't all puppies and kittens, this wasn't a fun thing to deal with and certainly wasn't anticipated. The CloudFlare team did a great job responding to it IMHO.
"Of the 1,242,071 requests that triggered the bug, we estimate more than half came from search engine crawlers."
This is very important to sort out, most people don't think about security much less the storing of credential or identifying data by search engines, this is a huge part of the incident response.
I think that what we should take away from this is that even though the bug existed it was responded to in a reasonable manner.
"Of the 1,242,071 requests that triggered the bug, we estimate more than half came from search engine crawlers."
This is very important to sort out, most people don't think about security much less the storing of credential or identifying data by search engines, this is a huge part of the incident response.
I think that what we should take away from this is that even though the bug existed it was responded to in a reasonable manner.