The good news is that hackers do not appear to have taken advantage of a severe Cloudflare security bug that would have given them access to sensitive customer data including passwords and authentication tokens. The bad news is that the bug was only recently discovered, which means it went undetected for nearly five months.