It would be nice if they actually TOLD us their recommendations with the exact actions to take to protect our accounts. This is just a blanket statement that is going to result in confusion as to what "action" there is to take.
Does anyone have an action plan yet?
From OP:
Given that Salesforce support case data contains the contents of support tickets with Cloudflare, any information that a customer may have shared with Cloudflare in our support system—including logs, tokens or passwords—should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel.