One of my client’s Webflow accounts has been hacked. The attacker set up 2FA authentication, changed the password, and attempted to change the email address, though they haven’t been able to do so yet.
I am currently unable to log in to the account. When I try to reset the password using the “Forgot Password” option, the reset process works, but it then asks for the 2FA code. Since I didn’t set up 2FA myself, I do not have access to the 2FA code.
Can anyone please assist me in resolving this issue as soon as possible? There are multiple sites associated with this account, and all my websites are at risk.
I’d expect 24 - 48 hours, but you might get lucky.
Keep in mind that the support desk gets a lot of requests, and that account access requests require special handling for security.
Trying to figure out how you might have enabled 2FA without knowing it. Is it possible you’re using a Google OAuth login and have enabled 2FA there? If so you should be able to login to Webflow using that same email in the standard email+password login and do a password recovery.