Yeah, things like that keeps happening, so guess we'll need to change our passwords rather often? Oh well.
Another thing to do, many sites offer two-factor authentication, you might use that as well.
Concerning CodeWalrus, we do use Cloudflare for our DNS, but we don't really use the other features, but I still changed the password as a precaution. Well, that and the fact my other sites are on that account and they're even more potentially vulnerable.
Oh, also on that note, SHA-1 has been cracked. So stop using SHA-1.