Post Header
This year, in recognition of World Password Day, we’re asking all fans to spend a few minutes ensuring that their passwords – and their AO3 accounts – are secure.
Recently, the Policy & Abuse committee (PAC) has seen an increasing number of users who have lost access to their AO3 accounts because they used an insecure password. We'd like to reassure our users that there is no indication that AO3 has experienced a data breach. PAC has been able to determine that all of the affected users' login information had been compromised in other ways, such as by accidentally downloading malware to their devices and/or by re-using the same password on AO3 that they had also used on a compromised website.
In early 2025, several large datasets were posted online, containing hundreds of millions of email/password pairs obtained from malware and compromised websites. It's common practice for scammers to test these compromised email/password pairs on other websites, in case the affected passwords were reused elsewhere. This allows the scammer to access accounts on websites that have never experienced a data breach, such as AO3. After gaining access to an account, the scammer may then change the account's email, password, and/or username, or sell the account information to other people.
AO3 is always free to use, but some people might not understand how to create their own AO3 account. There are many reasons for this, such as language barriers and unfamiliarity with our site. These people may purchase AO3 account information in the mistaken belief that AO3 accounts can be sold legitimately. They only discover they have been scammed once PAC re-acquires the account to give it back to the original owner.
PAC has been working diligently to identify compromised accounts and restore them to their original owners. We have also been working with the victims of the account-selling scam to help them create their own free AO3 accounts. Unfortunately, sometimes these victims, thinking the account they purchased legitimately belongs to them, may delete works or other content posted by the original account owner. While PAC can restore ownership of an account, we are unable to restore deleted content.
Ensure Your Password is Secure
You can reduce your vulnerability to this kind of incident by following internet security best practices:
- Set a unique, secure password for each and every one of your accounts on all platforms.
- Don't ever reuse passwords or share your passwords with anyone else for any reason.
- Use a password manager. This will help you to set unique, secure passwords for each of your accounts without worrying about forgetting them. Many browsers have a free, built-in password manager if you would prefer not to download third-party software.
- Keep your antivirus software and operating system up to date, and set them to scan for malware regularly.
- Check the website haveibeenpwned.com to see if your emails, passwords, and other information may have been exposed in data breaches. Change your passwords for any breached websites and any accounts on other sites where you may have used the same password.
If you are ever worried that your AO3 account is at risk of being compromised, you should do the following:
- Change your password immediately. This will automatically log you – and anyone else accessing your account – out of all sessions on all devices.
- If you’ve forgotten your password, but you have access to the email address currently associated with your AO3 account, you can log out and reset your password instead.
- If you’ve forgotten your password, and you no longer have access to the email address you used for your account, please contact Support.
- Make sure the email address associated with your AO3 account is one that you check regularly, as this is where all notifications about your account will be sent. If you need to update your email address, please refer to our FAQ about changing your email.
If you've received an email from @archiveofourown.org saying that the email associated with your account has been changed to one you don’t recognize, and you can't log in to your account, please contact Policy & Abuse. PAC treats compromised accounts as a matter of high priority, and will work with you via email to restore your account. If it's been over a week and you have not heard back from a PAC volunteer about the status of your account, check your email (including any spam, social, or other folders) before replying to our email or submitting a new Abuse report.
Again, we emphasize that there has not been any breach of AO3's servers. We are also developing and implementing additional measures to help prevent unauthorized access to AO3 accounts. However, your account is only as secure as your password and email. We encourage all users to take a few minutes today to ensure that your AO3 password is unique and your email address is up to date.
Pages Navigation
StarCoyote Thu 01 May 2025 05:06PM UTC
Comment Actions
napdragon Thu 01 May 2025 05:23PM UTC
Last Edited Thu 01 May 2025 06:48PM UTC
Comment Actions
willowherbwild Sat 03 May 2025 07:12AM UTC
Comment Actions
napdragon Tue 06 May 2025 07:38PM UTC
Comment Actions
Zaniida Sat 03 May 2025 09:13AM UTC
Comment Actions
napdragon Sat 03 May 2025 04:15PM UTC
Comment Actions
Zaniida Sun 04 May 2025 06:24AM UTC
Comment Actions
Smaelstrom Thu 01 May 2025 05:24PM UTC
Comment Actions
MysteriousMihai Thu 01 May 2025 05:46PM UTC
Last Edited Thu 01 May 2025 09:32PM UTC
Comment Actions
CookieLoveHearts Fri 02 May 2025 11:40AM UTC
Comment Actions
Quihi Sun 04 May 2025 06:12PM UTC
Comment Actions
doridor Thu 01 May 2025 06:41PM UTC
Comment Actions
AO3_Policy_and_Abuse (Official) Thu 01 May 2025 09:59PM UTC
Comment Actions
doridor Fri 02 May 2025 09:30AM UTC
Comment Actions
AO3_Policy_and_Abuse (Official) Fri 02 May 2025 08:16PM UTC
Comment Actions
doridor Fri 02 May 2025 09:02PM UTC
Comment Actions
EchoEkhi Thu 01 May 2025 07:58PM UTC
Comment Actions
OTW_News_Post_Moderation (Official) Thu 01 May 2025 09:29PM UTC
Comment Actions
MysteriousMihai Thu 01 May 2025 09:32PM UTC
Comment Actions
Raberba girl (Raberba_girl) Thu 01 May 2025 10:05PM UTC
Comment Actions
EchoEkhi Thu 01 May 2025 10:25PM UTC
Comment Actions
SimpleThrowawayAccount123 Sat 03 May 2025 01:30AM UTC
Comment Actions
bodytoflame Sat 03 May 2025 05:03AM UTC
Comment Actions
HugeTailsFan Sat 03 May 2025 05:27AM UTC
Last Edited Sun 04 May 2025 10:06PM UTC
Comment Actions
HugeTailsFan Sat 03 May 2025 05:39AM UTC
Comment Actions
Zaniida Sat 03 May 2025 09:25AM UTC
Comment Actions
HerdOfTurtles Fri 02 May 2025 01:43AM UTC
Last Edited Sat 03 May 2025 12:40AM UTC
Comment Actions
sockswithheels Fri 02 May 2025 03:45AM UTC
Comment Actions
TheLegomaniac Fri 02 May 2025 04:29AM UTC
Comment Actions
Otore Fri 02 May 2025 08:41AM UTC
Last Edited Fri 02 May 2025 08:41AM UTC
Comment Actions
smlm Fri 02 May 2025 09:00AM UTC
Comment Actions
LaraThrone Fri 02 May 2025 12:19PM UTC
Comment Actions
hojiteaversion Fri 02 May 2025 03:37PM UTC
Comment Actions
Nomireligion Fri 02 May 2025 04:20PM UTC
Comment Actions
Smaelstrom Fri 02 May 2025 09:16PM UTC
Comment Actions
Nomireligion Fri 02 May 2025 10:52PM UTC
Comment Actions
Smaelstrom Sat 03 May 2025 12:04AM UTC
Comment Actions
sugucru (sugculent) Fri 02 May 2025 06:42PM UTC
Comment Actions
MalcontentCatboy Fri 02 May 2025 10:58PM UTC
Comment Actions
Smaelstrom Sat 03 May 2025 12:07AM UTC
Comment Actions
MalcontentCatboy Sun 04 May 2025 03:10AM UTC
Comment Actions
Smaelstrom Sun 04 May 2025 07:12AM UTC
Comment Actions
HugeTailsFan Sat 03 May 2025 04:27AM UTC
Last Edited Sat 03 May 2025 04:28AM UTC
Comment Actions
Smaelstrom Sat 03 May 2025 06:02AM UTC
Comment Actions
Otore Sat 03 May 2025 09:02AM UTC
Comment Actions
BlueCat69 Sat 03 May 2025 05:10AM UTC
Comment Actions
luvr4gyu Sun 04 May 2025 05:42AM UTC
Comment Actions
AO3_Policy_and_Abuse (Official) Tue 06 May 2025 05:00AM UTC
Comment Actions
luvr4gyu Tue 06 May 2025 03:45PM UTC
Comment Actions
luckysweethappy Sun 04 May 2025 08:05PM UTC
Comment Actions
Account Deleted Sun 04 May 2025 11:49PM UTC
Comment Actions
Pages Navigation