Maybe @shri can sticky that since Geo uses cloudflare.
No idea how the details work, but some cloudflare flaw has allowed attackers to get cached passwords from most sites using cloudflare's services.
Patreon, Uber, Yelp, Coinbase, Fitbit etc are affected
Cloudflare data leak potentially exposed trove of passwords, personal information for months | PBS NewsHour
https://techcrunch.com/2017/02/24/ho...oudflare-leak/