Cloudbleed is the latest internet bug that puts users private information in jeopardy. The bug was fixed by the Cloudflare team on February 20, 2017 at 21:59UTC.
As a security best practice, we recommend that all users change their IAM user console access passwords after any sort of security event. Changing passwords limits how long a compromised password is useful to an attacker (or how long they potentially have access to your account).
Users should be asked to change their passwords if they haven’t done so since February 22, 2017.