If you think someone unauthorized has accessed your agency on KNKY — you noticed unexpected changes, suspicious emails, things in your dashboard you didn't do — follow the steps below. Act fast: the sooner you act, the easier it is to lock things down and recover.
Immediate action checklist
Do these now, in this order. Don't skip steps.
1. Change your password — immediately
Go to Security in your agency sidebar and click Change my Password.
Enter your current password
Enter a new strong password — long, unique, and not the same as any password you've used before on KNKY or any other service
Confirm and click Change Password
If you can still log in with your current password, this step gets the attacker out (or limits what they can do) right away.
⚠️ If you've been locked out of your account — you can't log in with your password — skip to Step 3 below and contact support immediately. Don't waste time trying the same password repeatedly.
2. Don't reuse the new password anywhere
The new password should be completely new. If the attacker had your old password, they likely have access to your other accounts too if you reused it.
If you use a password manager (1Password, Bitwarden, KeePass, etc.), let it generate a long random password. If you don't, use at least 16+ characters, mix in numbers and symbols, and store it somewhere safe.
3. Contact KNKY support — right now
Don't wait. The faster support is involved, the faster they can review activity and lock things down on their side. Reach out through the Support section of your dashboard, or by replying to any KNKY email you've received.
When you contact support, give them:
Your agency name and login email
A clear note that you suspect unauthorized access
What you noticed — unexpected emails, dashboard changes, unknown logins, etc.
Roughly when you think the access happened (today, last week, this morning)
Anything you've already done (changed password, etc.) so support doesn't repeat what you did
A short clear message is faster to act on than a long anxious one — give the facts and let the team take it from there.
4. Review your dashboard for changes
While waiting for support, check these sections for anything you don't recognize:
My account — has your Agency Name, Contact name, or contact info been changed?
Employees — are there employees you didn't add? Has anyone's role changed?
Creators — have any pending or active collaborations been created or cancelled without your knowledge?
Finance — have any transfers been initiated that you didn't authorize?
Make a list of anything that looks off and include it in your support message. Don't try to undo changes yourself yet — support may need to see the current state to investigate.
5. Change passwords on your other accounts
If your KNKY password was leaked or guessed, any other account using the same password is also at risk. Update those passwords too — starting with email and any financial accounts.
What to tell support: a quick template
If you're not sure what to write, copy and adapt this:
Hi - I think my agency account on KNKY has been compromised. Details:
Agency name: [your agency name]
Email: [your login email]
What I noticed: [describe what looked suspicious — unexpected emails, dashboard changes, unknown employees, etc.]
When I think it happened: [a rough timeframe]
What I've already done: [changed password, etc.]
Please review login activity on the account and help me lock things down. Thanks.
Signs your account might be compromised
If you're not 100% sure you've been hacked, here are common signals worth taking seriously:
An email from KNKY about a login or action you didn't take (e.g. password change, employee added, withdrawal initiated)
An employee in your team you don't recognize — someone was added without your knowledge
A creator collaboration you don't remember inviting or one that's been cancelled unexpectedly
Changes to your agency profile — different Contact name, different phone, different email
Unexpected transactions in Finance — transfers, refunds, or other movements you didn't initiate
Your password no longer works but you didn't change it (the attacker may have changed it to lock you out)
Login emails from a country or device you don't recognize — if you receive any
Reports from your creators or employees that something happened on their side you didn't do (e.g. creators received an unexpected cancellation, employees lost access)
Any of these is enough to start the immediate action checklist above.
What KNKY support will do
When you report compromise, the support team can:
Review login and activity logs on your account from their side
Force-logout any active sessions if needed
Help you verify which changes were legitimate vs. unauthorized
Help reverse unauthorized changes where possible (e.g. removing unknown employees, restoring previous role assignments)
Escalate to engineering if there's a broader security issue suspected
Preventing compromise next time
Once things are locked down, take a few minutes to reduce the chance of this happening again:
1. Use a unique strong password
Your KNKY password should be only for KNKY. Don't reuse it anywhere. A password manager makes this easy — it generates and stores long random passwords so you don't have to remember them.
2. Never share your login
If your team needs access to your agency, don't share your owner login. Every team member should have their own employee account via the Employees section, with a role that controls exactly what they can do. Shared logins make compromise inevitable: when one person leaves the team, the password is in the wild.
See Complete Overview of Your Employees Section for how to set up team accounts properly.
3. Watch for phishing
KNKY will never ask for your password via email, Telegram, chat, or any other channel. If a message asks you to:
"Confirm your password" or "verify your login"
"Upload your passport or business documents" (agencies don't have a KYC step — see the verification article)
Click a link to log in from an email
...treat it as suspicious. Open the dashboard directly in your browser instead of clicking links, and contact support to verify the message is real.
4. Lock down your email
Your login email is the gateway to your KNKY account — password resets go through it. If your email is compromised, KNKY is too. Make sure your email account has:
A strong unique password
2FA enabled (most email providers support this even if KNKY doesn't yet)
No old delegated access you forgot about
5. Log out on shared or public devices
If you ever use the dashboard on a device that isn't yours — a hotel laptop, a friend's computer — always log out when you're done. Don't trust "Remember me" on shared machines.