In order to improve service, we were working to change how our pages were cached. We worked with our partner web CDN to make these changes. Unfortunately, during the update process our caching ruleset was not obeyed by our CDN partner, and some pages that should not have been cached were cached after this update. If you were logged in during this time, there was a very slim possibility that your user-specific information, such as stream key and password hash, were exposed in these improperly cached pages.
So, finally got everything working after an hour of constantly changing and resetting my password... The biggest thing I still don’t get about all this – how the fuck would this caching issue potentially reveal a password hash? If a hash if viewable on demand to the user, that’s an even bigger security flaw than a caching error!