Unless you added a firewall rule to prevent it, you left a router on a public IP that will respond on port 80 with the factory default ID and no password? To make it worse, the login page identifies what type of equipment that is responding so even if a hacker does not happen to know the default password, a fast google search will give the answer.
I would put money that you got hacked. Reset it and start over....
For a little security, do these three steps:
Change the default ID AND password,
Add a firewall rule that blocks access to the router from the internet,
Change the services ports so you have to use a non-standard port to access the router.
BTW, that's just the first steps, but can be done in about 30 seconds....
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission
Warning: I know enough to be dangerous...