What are you doing or what should users do regarding the CloudFlare vulnerability?
How are users affected? What should we do apart from changing passwords?
(DigitalOcean is listed here https://github.com/pirate/sites-using-cloudflare)
Top question, curious of DO's recommendation.
At a minimum, rotating passwords that could have been exposed would make a lot of sense (and doesn't hurt anyway).
If you're running a site through Cloudflare yourself that allows users to login, invalidating sessions (to force a logout) probably wouldn't hurt, possibly opting to recommend a password change to your users (possibly too drastic). If you're running a site that storing potentially sensitive information, you would need to consider how you inform your users without making them worry - because, unless you know you were effected, its a precautionary measure. Cloudflare claims they will contact each site that is potentially part of the leak - not sure how true that is.
All of the above is not particular to DO though, so still keen on their input.
Cloudflare claims the discovered approximately 150 of Cloudflare's customers data has been compromised. and they are contacting each of them individually. unless they confirm you are in that list, i think you dont need to worry that much.
but you could always contact them regarding the issue for details.