Secure compromised account
If you observe suspicious activity within your Cloudflare account, secure your account with these steps.
For more guidance on changing your password, refer to Change email address or password.
When there is more than one active session associated with your email account, you can revoke any session that is not the current session.
To revoke a session:
- Log in to the Cloudflare dashboard.
- Go to My Profile > Sessions.
- On a specific session, click Revoke.
- You will be prompted to enter your password before revoking the session.
To prevent future compromises, make sure that you have Two-Factor Authentication (2FA) enabled on your account.
If your API key might be compromised, change your API key:
- Log in to the Cloudflare dashboard and go to My Profile > API Tokens.
- In the API Keys section, find your key.
- Select Change.
If your token is lost or compromised, you can either create a new token or roll your token to generate a new secret. Rolling your API token into a new one will invalidate the previous token, but the access and permissions will be the same as the previous API token.
To roll your API token:
- Log in to the Cloudflare dashboard and go to My Profile > API Tokens.
- Next to the API token you want to roll, select the three dot icon > Roll.
- Select Confirm to generate a new API token.
To access audit logs in the Cloudflare dashboard:
- Log in to the Cloudflare dashboard and select your account.
- Go to Manage Account > Audit Log.
You can search these audit logs by user email or domain and filter by date range. To download audit logs, click Download CSV.
If you notice any settings were changed, you should undo those changes.
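One way to work through a downloaded audit log CSV when looking for changes to undo, as an added example that is not Cloudflare's own code. The column names, action names, addresses and sample rows are constructed assumptions; rename the columns to match the header row of your export.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample export. Column names and action names are assumptions:
# rename them to match the header row of the CSV you downloaded.
SAMPLE_CSV = """\
when,actor_email,actor_ip,action_type,resource_type,resource_id
2024-05-01T09:12:44Z,admin@example.com,198.51.100.10,login,user,u1
2024-05-02T14:03:10Z,ops@example.com,198.51.100.11,rec_set,dns_record,r7
2024-05-03T02:41:07Z,admin@example.com,203.0.113.77,login,user,u1
2024-05-03T02:43:19Z,admin@example.com,203.0.113.77,token_create,api_token,t9
2024-05-03T02:47:55Z,admin@example.com,203.0.113.77,rec_set,dns_record,r42
2024-05-03T08:35:10Z,admin@example.com,198.51.100.10,rec_set,dns_record,r42
"""
KNOWN_IPS = {"198.51.100.10", "198.51.100.11"}  # addresses your team really uses


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def changes_to_review(csv_text, known_ips, since):
    """Return ({actor: first unfamiliar-IP time}, [changes made from then on])."""
    rows = [r for r in csv.DictReader(io.StringIO(csv_text))
            if parse_time(r["when"]) >= since]
    rows.sort(key=lambda r: parse_time(r["when"]))
    exposed_from = {}
    for r in rows:
        if r["actor_ip"] not in known_ips:
            exposed_from.setdefault(r["actor_email"], parse_time(r["when"]))
    review = []
    for r in rows:
        start = exposed_from.get(r["actor_email"])
        # Once an account is seen from an unfamiliar address, every later change
        # by it is suspect, even from a known address (stolen key or session).
        if start and parse_time(r["when"]) >= start and r["action_type"] != "login":
            review.append({**r, "unfamiliar_ip": r["actor_ip"] not in known_ips})
    return exposed_from, review


if __name__ == "__main__":
    window_start = datetime(2024, 5, 1, tzinfo=timezone.utc)
    exposed, review = changes_to_review(SAMPLE_CSV, KNOWN_IPS, window_start)
    for r in review:
        print(r["when"], r["actor_email"], r["actor_ip"], r["action_type"],
              r["resource_type"], r["resource_id"],
              "UNFAMILIAR IP" if r["unfamiliar_ip"] else "known IP")
```

Rows listed with a known IP still need a human decision: they may be a teammate's legitimate change or a stolen credential used from a familiar network.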