We are notifying ALL Keap users and partners of a recent security compromise that has affected a few of our customers. We take your security seriously, and want to avoid any further customer accounts being impacted. Below we share what happened as well as steps you can take to protect your data and avoid being a victim of this type of attack.
Several Keap customers (14) have experienced a targeted attack which has resulted in their login credentials being stolen. The attackers are using this stolen login information to access apps, upload tens of thousands of contacts, and send phishing emails to those addresses. After sending 3 to 5 email broadcasts, they proceed to delete all contacts, both fake and real, from the apps and disappear. In all these attacks, shared login credentials have been the common factor.
Recommendation: Protect Your Data
We strongly recommend against sharing user credentials, even with trusted partners, contractors, or third parties. If you need help adding additional user licenses, please contact our support team via phone or chat here.
Take Action: Change Your Password and Set up Two-Factor Authentication
To safeguard your data and protect your business, we have implemented a forced password reset to your app. All users have been logged out and will need to reset their password in order to log back in. We recommend changing to a password that is:
at least 14 characters
a combination of uppercase letters, lowercase letters, numbers, and symbols
significantly different from your previous passwords.
As an added security measure, we also strongly recommend enabling two-factor authentication. Follow the steps in this article to set up two-factor authentication.