I’d be glad to provide an extensive explanation of every site… could I possibly get a list?
I think there was at least 10… and maybe 15? I was about to add a new site for a run I’m doing next month to get like ~10 folks excited about the outing. So it’s mostly small silly stuff like that.
Hi, @crigger. I’m un-listing this topic so it won’t show up on searches on on the list of topics but people with the direct URL can still visit the page. This is being done to make this topic more private and we can move to a completely private helpdesk ticket if that is preferable.
I now also do see successful logins for the email address you are using on this forum. Have you been able to login now?
I strongly recommend that you enable two-factor authentication (2FA) for your login at Netlify. There is documentation about how to do so here:
I recommend 2FA because it sounds like someone was able to access your login at Netlify and make setting changes on your account. If so, this could only be done if the other person had your login credentials. Those credentials might have been shared with someone intentionally or you might have been the victim of a crime. Which it was, however, that I do not know.
If you have allowed someone else to login to your account at Netlify intentionally, then you will be responsible for paying for the Analytics charges. If you were the victim of a crime, we suggest you report the theft of the access credentials to law enforcement and let us know. If you report this to law enforcement (and also enable to 2FA to prevent this from happening again), we can refund those charges.
I recently had a hiccup where I was flagged (in what turned out to be false positive) for spam. Prior to that— I only ever logged-in using my Github account. (which did have two-factor-authentication enabled in the Github environment)
When my account was shut down (again, a mistake) it appears that the Github account integration was severed.
After my support request regarding my account being banned— the investigation, and reactivation, these charges appeared immediately and all at once.
I wasn’t able to access my account using normal means (Github) and followed a separate set of instructions to “reset” or in actuality, “set” a password for the email associated with the previous Github integration, which then allowed me to restore the Github auth.
When I accessed my account (hours later)… the analytics services had been deactivated. This morning I enabled the 2FA on the Netlify account now associated with email.
I did not and do not share my login credentials with anyone.
Just to be clear— you’re suggesting that in the small window that y’all were actively reactivating my account… a criminal was able to access this account and decided to activate Analytics service on some of my websites, and then immediately deactivated the analytics services without doing anything else malicious? Using a secure (generated) password from LastPass?
Do you think it could have been anything else that caused this?