My account has been compromised, what should I do?

When a Brevo account has been compromised (also known as "hacked") it means that it’s been accessed by someone who is not authorized to use it. 

If we identify any fraudulent activity on your Brevo account that makes us believe that it was compromised, we will temporarily suspend it. We will also send you a notification email, create a support ticket, and display the following message on your account:

important.png Your [transactional or marketing] account is temporarily suspended because of suspicious activity
To protect your account, we temporarily suspended it. We opened a ticket to help you secure your account before we revalidate it. Check the ticket on your support page and follow the instructions in our help article about compromised accounts. Learn more about compromised accounts.

If your account isn't suspended but you think it has been compromised, check our dedicated section.

🔓 What to do if my account has been compromised?

❗️ Important
Your subscription will keep running even though your account has been suspended. Make sure to follow the steps below as soon as possible so that we can reactivate your account.

1️⃣ Change your password

The first thing you need to do if your Brevo account has been compromised is to change your login password. You can change it either by clicking I forgot my password from the login screen or from the My Profile page on your account.

2️⃣ Investigate the incident

Then, you need to investigate the incident internally to understand how it happened (password leak, API key leak, who has access to it, etc.) and what you can do to prevent it from happening again in the future.

Here's a list of things that we advise you to check:

  • Ensure that the hacker has not installed a script on your website;
  • Verify that your API keys and script have not been published in public mode on "git" platforms. If they have, you must publish them in private mode instead.
  • Confirm that malware has not been installed on your computer by running an anti-virus analysis.
  • If you have connected your SMTP to a service like Thunderbird or Outlook, run an anti-virus analysis.
  • Verify that all of your plugins, applications, or any other CMS (Content Management Systems), are up-to-date.
  • Run Detectify on your website, as it can point out some loopholes you may have.
  • If you use an external framework, such as Laravel, ensure that its environment was not left open.

3️⃣ Secure your account

Once you've found the source of the leak and fixed it, complete the following steps:

  1. Delete your existing API keys and create new ones.
  2. Enable two-factor authentication (2FA) to add a layer of security when logging into your account by providing an additional code only sent to you by SMS or through an authenticator app on your phone.
  3. [Recommended] Create a list of authorized IP addresses that Brevo can check to only allow API calls coming from these IP addresses.
  4. Contact our support team with a brief explanation of how your account was compromised, what fix you implemented, and how you're ensuring that it will not happen again in the future.

Once you've completed these steps, we'll go ahead and reset your master SMTP key, and reactivate your Brevo account.

🔒 Additional tips to keep your account secure

Once you’ve regained access to your Brevo account, try some of these tips to help keep it secure:

  • Use a strong password. You can check how secure your password is by heading to How Secure Is My Password. The site will let you know if your password is strong enough or if you should revise it to something more complex.
  • Use a password manager. It is helpful to use a password manager to keep track of your passwords for you. Most password managers can even generate strong randomized passwords for you.
  • Regularly run anti-virus analysis. Regularly running antivirus analysis on your device allows you to check if your device is infected with malware or a potentially unwanted program.
  • Check your trusted devices. Remove any trusted device you may have a doubt about. Removing a trusted device will automatically end any open sessions on that device and any new login will require two-factor authentication if you have enabled it.
  • Only log into your account from your own device. If you have to use a public or shared device, make sure you log out afterward.
  • Don't click suspicious links in emails or texts. Hackers often send links via email or text that look legitimate but allow them to steal your information once clicked on. As a general rule, never open links or download attachments from unknown senders.

🔎 My account isn't suspended but I think it has been compromised

Your Brevo account may be compromised if you notice suspicious behavior such as:

  • Your credentials stop working. When trying to log into Brevo, an error message says that you used an incorrect email address or password. When encountering this error message, always double-check your credentials to ensure they are correct.
  • Unfamiliar emails have been sent from your account. Sometimes, hackers don't change your password but take over your account to send spam emails or retrieve some of your information.
  • You receive a lot of complaints from contacts. If you receive an unusual number of complaints from contacts reporting your emails as spam, this might indicate someone else is using your account.
  • There are contacts in your contact lists that you don't remember adding. If you notice that additional contacts have been added to your contact lists, but you have not added them yourself, this might indicate someone else is using your account.
  • You receive random notification emails. Suppose you have received an unexpected password reset email or a random notification email from Brevo noticing a login attempt made from an unknown device. In that case, this might mean that someone is trying to access your account.
💡 Good to know
These signs could also be false alerts coming from the other authorized users on your account. If several users are using your account, contact them to ensure they have not made any of these changes to your account without your knowledge.

If you notice this kind of behavior on your Brevo account and you've confirmed that it doesn't come from other authorized users, contact our support team.

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.

💬 Was this article helpful?

32 out of 72 found this helpful