The bug occurred in an HTML parser that Cloudflare uses to increase website performance. Interested persons had access and possibly collected a variety of very personal information that is typically encrypted or obscured. Some of that data was automatically cached by search engines. The leak may have been active as early as Sept. 22, 2016, almost five months before a security researcher at Google’s Project Zero discovered it and reported it to Cloudflare. Cloudflare’s massive customer base includes categories like dating websites and password managers, which host particularly sensitive data. Cloudflare discovered no evidence that hackers had discovered or exploited the bug, noting that Cloudflare would have seen unusual activity on their network if an attacker were trying to access data from particular websites. Cloudflare’s teams in San Francisco and London had stopped the most severe issue within seven hours but six days were necessary to eliminate the bug.