Account compromise occurs when an unauthorised person gains access to your Rackwave account. This can result in unauthorised sending, quota depletion, reputational damage, and data exposure. Speed of response is critical — every minute of delay gives the attacker more time to exploit your account. This article provides a step-by-step response plan.
Signs That Your Account May Be Compromised
| Warning Sign | What It Indicates |
| --- | --- |
| Emails or messages you did not send appearing in delivery logs | Attacker is using your account to send spam or phishing messages |
| Monthly quota depleted far faster than your normal usage | Large-scale unauthorised sending consuming your quota |
| Login notification from an unrecognised IP or location | Someone else has successfully logged in to your account |
| Active session from an unknown device in session manager | An attacker is currently logged in to your account |
| Bounce rate or spam complaint rate suddenly spiking | Unauthorised sending to poor-quality or harvested email lists |
| Unexpected subscription upgrades or plan changes | Attacker upgrading plan to increase sending capacity |
| API logs showing calls from unfamiliar IP addresses | Your API key may have been leaked and is being used remotely |
| Account details changed without your knowledge | Attacker updating email, password, or billing info to lock you out |
Immediate Response — First 10 Minutes
Act immediately. Do not wait to gather more information before taking protective action. Secure the account first, investigate second.
- Change your password immediately
  Go to My Account → Security → Change Password. Use a strong, unique password you have never used before. Changing your password invalidates all active sessions, including the attacker's.
- Enable 2FA if not already active
  Go to My Account → Security → Two-Factor Authentication → Enable. This prevents the attacker from logging back in even if they capture your new password via a keylogger.
- Revoke all active sessions
  Go to My Account → Security → Active Sessions → Revoke All Other Sessions. This forces all currently logged-in sessions to terminate immediately.
- Revoke all API keys
  Go to the MigoSMTP and Telnxo dashboards → API Keys and revoke every existing key. Generate fresh keys only after securing the account.
- Contact Rackwave Support
  Open a support ticket immediately with the subject: Account Compromise — Urgent. The support team can place an account hold, investigate server-side logs, and assist with recovery.
Secondary Response — Next 30–60 Minutes
- Review delivery logs for unauthorised sending
  In MigoSMTP, go to Reports → Delivery Reports. Filter by the suspected compromise window. Export logs for evidence. In Telnxo, go to Message Logs and do the same.
- Check for account detail changes
  Verify that your registered email, company name, billing address, and GSTIN have not been changed. If any were altered, correct them immediately.
- Audit subscription and billing changes
  Check the Invoices and Services pages for any unexpected upgrades, new subscriptions, or payment method changes made during the compromise window.
- Audit team members
  Check the Team Members page for any new invitations or role changes made without your authorisation. Remove any unauthorised members.
- Check for DNS changes
  If your MigoSMTP domain verification or DKIM records were altered, review them in Domain Management and correct with your DNS provider.
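One way to work through an exported delivery log for the suspected compromise window, as an added example that is not Rackwave's own tooling. The CSV column names, the sample rows, and the known-network range are constructed assumptions; adjust them to match the file you actually export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample export; the column names are assumptions, not Rackwave's format.
SAMPLE_EXPORT = """timestamp,source_ip,recipient,status
2024-05-01T08:55:00+00:00,198.51.100.7,alice@example.com,delivered
2024-05-01T09:10:00+00:00,203.0.113.45,x1@example.net,bounced
2024-05-01T09:11:00+00:00,203.0.113.45,x2@example.net,delivered
2024-05-01T09:12:00+00:00,203.0.113.45,x3@example.net,bounced
2024-05-01T09:30:00+00:00,198.51.100.9,bob@example.com,delivered
2024-05-01T12:05:00+00:00,203.0.113.45,x4@example.net,delivered
"""

# Networks you legitimately send from (constructed documentation range).
KNOWN_NETWORKS = [ip_network("198.51.100.0/24")]


def triage(export_text, window_start, window_end, known_networks):
    """Summarise sends from source IPs that are not in any known network."""
    findings = defaultdict(lambda: {"sends": 0, "bounced": 0, "outside_window": 0})
    for row in csv.DictReader(io.StringIO(export_text)):
        ip = ip_address(row["source_ip"])
        if any(ip in net for net in known_networks):
            continue  # traffic from your own infrastructure
        ts = datetime.fromisoformat(row["timestamp"])
        f = findings[str(ip)]
        if window_start <= ts <= window_end:
            f["sends"] += 1
            f["bounced"] += row["status"] == "bounced"
        else:
            f["outside_window"] += 1  # the real window may be wider than assumed
    for f in findings.values():
        f["bounce_rate"] = f["bounced"] / f["sends"] if f["sends"] else 0.0
    return dict(findings)


if __name__ == "__main__":
    start = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
    end = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for ip, f in triage(SAMPLE_EXPORT, start, end, KNOWN_NETWORKS).items():
        print(ip, f["sends"], f"{f['bounce_rate']:.0%}", f["outside_window"])
```

A non-zero `outside_window` count means the same unfamiliar source was active beyond the period you filtered on, so widen the window before exporting logs as evidence.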
Damage Assessment Checklist
| Area | What to Check | Action If Affected |
| --- | --- | --- |
| Email sending (MigoSMTP) | Delivery logs for unauthorised sends; unusual recipients or volumes | Document and report to Rackwave; consider notifying affected recipients if sensitive data was involved |
| SMS / Voice (Telnxo) | Message logs for unauthorised SMS or calls; balance depletion | Report to Rackwave support; request wallet reversal for fraudulent charges |
| Sender reputation | Delivery rate, bounce rate, spam complaints after the compromise | Contact Rackwave support to request reputation review; follow IP warmup guidelines to rebuild |
| Billing / payment | Unexpected charges on invoices; payment method changes | Contact Rackwave accounts team; file a chargeback with your bank if fraudulent charges occurred |
| Data exposure | Suppression lists, contact data, or templates viewed or exported | Assess if personal data was accessed; evaluate GDPR or data protection notification obligations |
After Securing the Account — Prevention Going Forward
- Identify how the compromise happened — phishing, reused password, leaked API key, or malware. Fix the root cause.
- Check your other accounts for the same credentials and change them if you reused passwords.
- Use a dedicated, unique password for Rackwave managed in a password manager.
- Enable 2FA permanently and never disable it.
- Set up IP whitelisting to restrict portal access to known networks.
- Apply least-privilege scoping to all API keys and rotate them every 90 days.
- Train your team to recognise phishing emails targeting SaaS platform credentials.
Next Steps