My account has been compromised
If you suspect that your account has been accessed by an unauthorised party, it's best to take action as quickly as you realise this might be the case. For this, please make sure to follow the below steps.
How can someone get your login credentials?
An unauthorised party can get into possession of your login credentials through a data leak on another service, for example, by getting access to your mailbox or through phishing. This could happen by installing malware on your device that records everything you type etc.
What to do if you believe your account has been compromised?
- Double-check to ensure the access was unauthorised and wasn't a colleague or another employee accessing the account unexpectedly.
- If you're certain the account has been compromised, reach out to us from the email address associated with your account and explain what happened.
- Provide as many details as possible – did you notice unusual emails being sent from your account? Were additional contacts added to your account without your authorisation? Did you see any unexpected charges on your card?
What will we do after you report unauthorised access?
We'll temporarily limit your account to ensure that no further campaigns are sent while we investigate the case. We will also sign out any existing users and prevent any new sign-ins. Once we ensure your account is secure, you'll be able to reset your sign-in details and access it as usual.
After confirming unauthorised access to your account, we'll refund any fraudulent charges.
What should you do after you regain access to your account?
- Reset your password and choose a brand new, secure password that you're not using anywhere else.
- Set up two-factor authentication for your account – this ensures that all future unrecognised sign-ups will require a code generated in an authentication app on your smartphone.
- Delete all API keys connected to your account and create new ones.
Once you've completed all these steps, we will reactivate your account.
How to prevent your account from being compromised?
- Download an authentication app and set up two-factor authentication (2FA) for each user in your account.
- Use a different password for each service. Never use the same password across multiple platforms.
- Never share your password with anyone, not even with us.
- If multiple people need access to your account – create separate user accounts for each person.
What does EmailOctopus do to ensure your account's security?
- All confidential user data (such as your password) on EmailOctopus is encrypted and stored in secure databases.
- We use email-based two-factor authentication verification for all accounts when we detect an unusual sign-in.
- We automatically check all sent campaigns for fraudulent content.
- We monitor all new subscriptions made on all accounts.
Your account's security is extremely important to us, and we take extra measures to help you protect it. Please consider implementing the measures listed above to ensure its security on your end, too.