In the last week, I’ve received two “[Cloudflare]: Please verify your email address” emails from cloudflare to different emails at my company, however I don’t use Cloudflare and didn’t sign up to it.
A few days ago I received one to: [companyname]@gmail.com (a gmail address that I don’t use but which I registered a while ago, just to reserve it). This morning I received one to [email protected][companyname.com].
The emails look legitimate and the activate links do go to cloudflare.
In the first case, I didn’t click any links, went to cloudflare directly, performed a password reset and took control of the account. I’m about to do the same for the [email protected] account, but I want to know why someone is doing this.
Is there some kind of early stage attack under way? Are they probing for something? Why is someone doing this?
I contacted Cloudflare’s support email but haven’t heard back yet. When I received the second account attempt this morning I thought I’d reach out to the community and see if anyone has experienced this before. I can write one off as a mistake, but when it happens again it seems that someone is doing this intentionally.
Do you have any thoughts or suggestions?