|
Hello,
This is a
message from Netlify about your login on our systems.
We’ve
detected malicious access to your account by login via password, and have thus locked your login to prevent further access by attackers. Please set a new (different!) password at https://app.netlify.com/login/forgot-password
to unlock it. In case you log in using a Git provider, that will still work, and you can set a new password at https://app.netlify.com/user/settings after logging in, or you can leave the password unset to prevent password-based login
and choose to login only via your Git provider.
Please
note that we have also invalidated all API tokens as the attacker could have created and used a token while they had access to your login. We also strongly recommend setting up 2-factor authentication as described in
this documentation, which would have protected you against this attack.
The
changes we detected were to your DNS settings, shown at the below URLs:
{% for link in dns_admin_links %} - {{ link }}
{%
endfor %}
We’ve
removed the malicious records, and attempted to restore them to their former values. The attacker has also deleted some SPF, MX, and TXT records in some attacks which we couldn’t restore. So, if you use
our DNS hosting, you should review your settings to ensure that there are NETLIFY records for all hostnames for which you intend us to be serving your content, and that all other records are present and set to
your desired values, at the above URLs.
Please
respond to this email if you have any questions and we’ll be happy to work with you further.
|
