My Cloudflare account was hacked today.. HELP!

My Cloudflare account was hacked and they changed my MX records so I couldn’t reset anything.
I created a new account with another email address (I assume this was my backup email), as I seem to have gotten access to my domain and have tried to change everything back as best I can…

I’m worried that all I had to do was set up a new account and seemingly got access to the woman, shouldn’t I have been asked to prove something?

The changes haven’t propagated yet so I don’t know if I have actually got control back or not…

If anyone can help I would be extremely grateful…

If you had previously allowed access to the other account to this one, no. Otherwise they mostly require proving the ability to control the domain, so changing the name servers…

So I could be on the right track to getting everything back?

How long till the MX records should update?

Pretty much instantly (+ the defined TTL), some DNS caches will keep them around for longer, but for all intents and purposes that time is more than fine.

Probably, yeah. You should hope they haven’t changed the e-mail on file. Also, enable 2FA.

Thanks for your help guys…

I have set up 2FA, changed the MX records an hour ago and they haven’t updated, any idea what I may have missed…

Although I deleted everything out of the DNS info so maybe I have to add something else in to get it to work?

Does the domain actually show as active in your dashboard?

Please see attached…

Well, they won’t change until you change name servers at your registrar. This isn’t yet active.

Note that you will lose every single DNS record (as this is basically a new domain for Cloudflare). If you’ll be able to recover the old one you might then move it back recovering what is left there.

This is where I’m confused… Cloudflare was my registrar… When I got access to it I could see what they had changed and I deleted everything…

Oh, then this is bad. I have a fear you’ll never get it back.

Seriously? There is nothing I can do?

I have escalated it, let’s see if there is something the actual support staff can do. Personally I can’t think of anything else that we (as in you and me) can do.

Thanks for your help man… What a nightmare…

I can totally get that. Make this a lesson for the future as well. Enable 2FA everywhere, use per-service passwords and make them as hard as they can be (random from a password manager is the best idea).

I thought I had… lol … feel sick and overwhelmed… :frowning:

Actually I have 2FA set up on the original username, how the ■■■■ did they lock me out… is there a way I can use the auth app or the recovery codes to get back in?

You must have left a lot of information vulnerable, hackers do pry for weeks at information till there’s an algorithmic break in the networks compromising your data.

Daily 20K attempts at my SSH but the ports are blocked so it’s a fun show… But in your case you need to get in contact with Cloudflare and fast, this is a full on hijack.

I’ve tried to no avail… this forum was suggested as the best method…

Yeah piece of advice, don’t deal with Cloudflare for your domain needs, seems great at first but their support does not make situations like these acceptable. Hopefully you don’t wait weeks.

I won’t promote another registrar but perhaps go search for one and switch it over to another host to keep it safe, fast turn-arounds/etc.