Cloudfare is a firewall service for websites. If you use Cloudflare, your site visitors may have had their data leaked…  I’m not going to reinvent the wheel to give you all the details, just point you to the Wordfence article, which is very complete (including how to repair the data leak)

I’ll include that part, since it’s simple: If you use Cloudflare, and you have a WordPress website, Change your wp-config.php salts. This will log everyone out and invalidate cookies and sessions. This protects you and your site members in case any of their cookies have been stolen. Once you make this change, an attacker will no longer be able to use stolen session cookies from your site to sign in. 

If you want more information, including what to do if your site is based on something other than WordPress, follow this link: