BREACH - Unauthorized CNAME and TXT records have been added!

kevin37 · March 14, 2025, 11:49am

What is the name of the domain?

all my domains dns are affected

What is the issue you’re encountering

Unauthorized CNAME and TXT records have been added in my cloudflares domain dns

What steps have you taken to resolve the issue?

I removed the added cnames and TXT records, changed my password already.
I have 2-FA enabled, so how could they do this??

Attached a print screen of what they have added. And this in all my domains that i manage with cloudflare.

What feature, service or problem is this related to?

DNS records

Screenshot of the error

fritex · March 14, 2025, 11:22pm

Did you shared your API key somewhere or to some 3rd-party service provider?

I’d suggest you to follow the steps from below article to secure your Cloudflare account, change password, add 2FA and rotate API keys, following the procedure to review the Audit Logs as well for more details what has happened:

kevin37 · March 14, 2025, 11:35pm

Thank you, i will check that guide. I just found under account home → manage account → audit log → logs that from this 196.89.226.104 the dns records where made.

I already changed my password, 2FA has been activated. Only to discover that this evening again 4 records in all my domains where added.

I don’t think i shared an api elsewhere. I also already removed API tokens, i think i don’t use them anyway. but they where listed.

And also change the API keys global and origin this evening. So basically i did what your article said.

Topic		Replies	Views
MX, CNAME Hacked! Help Dashboard	1	533	November 13, 2023
Cloudflare deleted my domain – Re-adding the domain created 600+ records DNS & Network	4	168	May 16, 2024
My Cloudflare account was hacked? How it happen? Security dns , Account	4	2840	February 24, 2019
DNS record unauthorized changes from a hacker? DNS & Network	2	300	May 6, 2024
My DNS records being automatically deleted DNS & Network dns , Account	4	2721	August 17, 2018