Received alert: stolen account

Please note: This page is only for users who have been directed here by an email from the Fastmail team. If you have not received an email directing you to this page, please refer to our pages on account access issues, information on passwords, or phishing information instead.

You have been directed to this page because, unfortunately, our system has detected unauthorized access to your Fastmail account.

We have locked your account to protect it. This page details the steps you can take to regain access to your account again, and information on why this happened.

1. Check that there are no viruses or malware on your computer

One common cause of login information being stolen is a virus or malware on your computer or device. Bad actors can use this software to see what you type when you enter your password, and use it to log into your account themselves.

We recommend that you install up-to-date anti-virus software on any computer that you use to access your Fastmail account. Please run a full scan on all your devices to check that they are not infected with a virus or malware that steals your login credentials.

2. Reset the password on your account

To ensure your account is secure, please reset the password on your account to one only you know.

To do this, go to the account recovery screen and follow the prompts. The account recovery tool will send a password reset code to the recovery option you saved to your account earlier.

Once you have reset your password, your account will be unlocked and you will be able to use it as normal once again.

More information about stolen accounts

How did someone compromise my account?

Most compromised accounts are the result of one of the following:

  • Password reuse. Many sites these days use your email address as your login name. If that site is compromised, then the thieves get both your email address and a password. They then test if that password works at Fastmail, which it will if you re-used your Fastmail password at another site.
  • Phishing. Attackers sometimes write emails pretending to be official emails from Fastmail. These emails can be convincing, and can contain links to a website that is designed to look like the Fastmail website, but isn't. If you enter your password into one of these sites, the password will then be in the hands of attackers. For information on how to protect yourself from phishing attacks, see our page on phishing.
  • Malware. A virus or other malware can record everything you type on your computer and send it back to an attacker, including your username and password when you log in to Fastmail.

How do I stop my account being compromised again?

Our strongest piece of advice for stopping your account from being compromised again is never to use your Fastmail password at any other website. Email is the key to your digital life - if someone gains access to your Fastmail account, it's likely they can get password resets for all your other online accounts to be sent to your compromised Fastmail account.

This might include passwords for sensitive services, including financial accounts. This is why it’s particularly important that your Fastmail password is different to every other password you use online.

Because it can be hard to remember passwords for different sites, we recommend using a password manager to remember passwords for you and to generate a unique password for each service you use.

Most modern browsers have built in password managers. They’re worth using, or if you need more features, use a third party manager. Third party password managers are helpful because they work on all browsers and devices, not just the one you originally saved the password on.

Some good password managers include:

All browsers

Why did someone want my account?

Most of the time, attackers only use stolen accounts for sending spam. Spammers are quickly locked out from legitimate sending services like Fastmail, and trusted email services will not accept mail from known spam sources. For this reason, they try to compromise a large number of accounts so they can continue sending spam even if they are locked out from a few accounts.

In some very rare cases, accounts are stolen for other reasons, including searching for personal information. For this reason, we immediately block access to any accounts we detect as compromised or stolen.

Further information

For further information and assistance, please get in touch with our support team.

Was this article helpful?
4 out of 5 found this helpful