I have reported this to Support (1457273) but the response is not very helpful nor taking the matter seriously! Now been waiting for 4 days for a response hence resorting to the community!
One of our Domains disappeared from our Accounts and was pointing the domain to a different server. My initial thought was that the domain was hijacked at domain level but this was not the case, domain is still owned by us and pointing to the two NS Servers specified by CF.
Now what seems like a reasonable verification method in my mind might be a huge security flaw!
When you normally add a domain to your account you simply enter the domain and it copies all existing records, you then change the NS records to point to the specified CF NS servers to confirm you own the domain and you are done!
Now is there a Security Flaw here?
If another customer of CF which uses the same CF NS Server Combination they can simply take your domain, change the NS Records and point it to a different server! Why? Because the verification is complete, the domain already has these NS Records!
So how did I get the domain back in my account? Did CF offer any help? No, they did not!
I just added it to my domain and it returned to my account, it lost all of the NS Records so I had to manually recreate them!
I would really like to hear from others on whether this is plausible as I have no other explanation for what happened and as CF is not taking this seriously I will have no alternative but to move all my personal as well as paid company domains away from CF.
Thanks for your input!