An unknown user accessed my Kajabi account

Bryan N.


This article guides you through the process of securing your Kajabi account and resetting it to its original state.




If your account was accessed by an unauthorized user

If your account was accessed by an unauthorized user, do not worry. You can rest assured that Kajabi takes these types of incidents seriously and devotes resources to ensure we notify you of unusual activity as soon as possible. If we identify any unusual activities on your account, we’ll send you an email or provide an in-app notification. If you did not receive a notification and feel your account may have been accessed by an unknown individual, be sure to send us an email at support@kajabi.com.

If an unauthorized user has accessed your account, please contact us by submitting an email ticket.

The following steps cover all the information you should include in your email ticket to our Support team, so that we can secure your account and reset it to its original state as fast as possible.


Step 1. Confirm your ability to log in

The first step to take in this situation would be to confirm that you can still access your Kajabi account by logging in.

This will allow you to review your account and check what happened to it. Given the robust features in Kajabi, there are a few key areas to check for updates. Please tell us in your ticket about any of the following changes:

  • Imports and/or deletions of your contact list.
  • Creation, editing, deletion, or deployment of email campaigns.
  • Site title changes (located in settings > site details).
  • Account plan changes, such as unknown charges or plan upgrades (located in settings > billing).

If you’ve already tried resetting your password, are still unable to log in, and haven’t yet received an email from us, please contact our support team via email at support@kajabi.com.


Step 2. Verify your identity with Kajabi's Support team

To further our investigation of your case, we require as many of the following details as you can provide:

  • The IP address for the relevant account user. You can use this tool or search for it on Google.
  • If you are using a password manager application, please let us know.
  • Do you happen to share credentials with another individual such as a service provider or colleague? 
  • Do you share a similar password or email with another platform (e.g. the same email and password for email, banking, social media, and Kajabi)?

Step 3. Restore your account

We understand that this is a frustrating process. We are more than happy to work with you to get your account back up and running. Depending on the changes made to your account, here are some guidelines to revert your account to its original state:

Contact list: 

In most cases, the main distinction between bad lists and genuine contacts is the lack of a first and/or last name.

  • Remove the bad list from your site by filtering your contacts via the added date filter. 
  • Sort the list via the name from A-Z to check if there are any contacts with names. 
  • Add a tag to the contacts with names.
  • Use the tag as an additional filter for your contact list
  • Delete all contacts listed

If all of your contacts got deleted, this principle can be applied to the CSV file of the deleted list. You can then import the filtered list to your Kajabi site.
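
One way to apply the name rule above to an exported CSV before re-importing it, as an added example that is not Kajabi's own tooling. The column headers (`First Name`, `Last Name`, `Added`), the incident window, and the sample rows are assumptions constructed for illustration; flagged rows are returned separately so they can be reviewed before being discarded.

```python
import csv
import io
from datetime import date

# Assumed column headers; change them to match the headers in your own export.
FIRST, LAST, ADDED = "First Name", "Last Name", "Added"

def in_window(value, start, end):
    """True if the added date falls inside the incident window.
    Missing or unparseable dates count as inside, so the name check still applies."""
    try:
        return start <= date.fromisoformat((value or "").strip()[:10]) <= end
    except ValueError:
        return True

def split_contacts(csv_text, start, end):
    """Split rows into (keep, suspect) using the article's rule: a contact added
    during the incident that lacks a first and/or last name is suspect."""
    keep, suspect = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        has_names = all((row.get(col) or "").strip() for col in (FIRST, LAST))
        if in_window(row.get(ADDED), start, end) and not has_names:
            suspect.append(row)
        else:
            keep.append(row)
    return keep, suspect

def to_csv(rows, fieldnames):
    """Serialize rows back to CSV text for re-import."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

# Constructed sample data, not a real export.
SAMPLE = """Email,First Name,Last Name,Added
ana@example.com,Ana,Lopez,2024-01-10
x9f3@example.net,,,2024-03-02
bulk77@example.net,  ,Smith,2024-03-02
new.student@example.org,Sam,Ortiz,2024-03-02
old.lead@example.com,,,2023-11-20
"""

if __name__ == "__main__":
    keep, suspect = split_contacts(SAMPLE, date(2024, 3, 1), date(2024, 3, 3))
    print(to_csv(keep, ["Email", "First Name", "Last Name", "Added"]), end="")
    print("Review before discarding:", [r["Email"] for r in suspect])
```

A long-standing contact with no name (`old.lead@example.com` in the sample) is kept because it was added outside the incident window, which is why the date filter is applied before the name rule.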

Email Campaigns:

  • Simply delete the bad email campaigns from your site

Site Title:

  • Head over to your account’s settings page
  • Site details
  • Revert the site title to its original name

Account plan:

  • Navigate to your account’s billing page through this link or by manually heading over to your account’s settings page > billing
  • Check if your account’s plan is still the same
  • Change your plan as needed and communicate any relevant refund via the support ticket that you have about your account.

Step 4. Get your account reinstated

The goal of these requirements is to ensure your Kajabi account and site are brought back to their pre-incident condition and that appropriate security settings are enabled. The account can be reinstated after meeting the following conditions:

  • The account/site has been reverted to its original details.
  • All users on the account have updated passwords. We recommend using this tool to test password strength, or using a password manager to generate strong, unique passwords.
  • All users on the account have MFA enabled.
  • All users on the account have their own unique login credentials.

After these criteria are met, work with your support team contact to verify and we will be happy to reinstate your account.


FAQs

How can I prevent this from happening again?

To make sure that the account is as secure as possible, we highly recommend that all users on the Kajabi account update their credentials on Kajabi as well as on other platforms (e.g., Gmail), especially if those credentials are shared across multiple platforms, and enable multi-factor authentication. Here's our Help Center article on How to Set Up Multi-Factor Authentication (MFA). Following Account Security best practices is also highly encouraged.

Did Kajabi get hacked?

Kajabi takes these matters seriously and continuously evaluates our platform, applying state-of-the-art preventative measures where applicable. 

If this ever becomes the case, we’ll make sure to inform you accordingly. Please be sure to check our status page and subscribe to our latest updates there on these kinds of topics.

An Admin user is no longer a part of our team; what should I do?

If, for any reason, an admin user no longer requires access to your account, please inform us in the support ticket and we will be happy to assist.


Account Security best practices

Here are some guidelines to follow to keep your Kajabi account secure.

Securing your account(s):

  • Ensure that all of your passwords (email, Kajabi, banking, payment processor, etc.) are at least 10 characters in length, complex, and unique across all accounts. You can learn more about password security here.

  • Leverage a reputable password manager where possible. Password managers can generate long, complex, and unique passwords for all accounts.

  • Implement multi-factor authentication (MFA) where available and whenever possible and set up appropriate recovery accounts. 
    Here’s how to enable MFA on Kajabi.

Once the above best practices have been implemented, ensure the following:

  • Do not use an owner or administrator account to perform day-to-day work tasks unless necessary.
  • Set up an individual user account for each individual supporting your business/account. This significantly reduces the risk of an account compromise by not requiring shared passwords, etc. Institute long, complex, and unique passwords across all accounts.

And that’s how to secure your Kajabi account and reset it to its original state!