DNS record unauthorized changes from a hacker?

My audit log says that my own Cloudflare account was used to change my A record to redirect my website to IP address “80.66.81.104” which is for some weird “fundatingsite” website my antivirus blocks. But I didn’t do it. Why did it happen? I recieved an email about foreign login to my account so I enabled 2 factor authentication, yet it happened again. Is there really a hacker doing this, or is Cloudflare using my account to change my own DNS records without telling me? I will change my password too but I fear it will happen again even if I change my password. Has this happened to anyone before?

Not with that IP, if Cloudflare was changing the settings it would say “Cloudflare” under the actor and have a Cloudflare IP or a private IP. Furthermore, changing DNS records randomly is not something we do.

I highly suggest you follow this guide:

Notably, not only do you need to change your password but you also need to revoke or reroll any API tokens and reroll the API key.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.