I think my account has been compromised

If you notice unfamiliar activity on your Ko-fi account or you’ve received a notification from Ko-fi that doesn’t look right, you should follow these steps to secure your account.


Quick steps to secure your account

  1. Change your password to prevent others from accessing your account
  2. Enable Two-Factor Authentication (2FA) for an extra security boost
  3. Consider changing your Account Email to an address that no one else knows
  4. Contact us with a brief explanation of what you’ve noticed, the email address associated with your account, and any other information that you believe may be helpful


Signs your account might be compromised

  • If you get a link from Ko-fi saying your email address or payment method (like PayPal or Stripe) has been changed, and you didn't do it, that's a sign something might be up.
  • If you’ve received a notification from Ko-fi about a payment, but haven’t received the money into your PayPal or Stripe account.
  • If you're sure you're using the right login details but still can't get into your account, or if you're not getting an email when you click the 'forgotten password' link, something might be wrong.
  • Other clues might be finding content you didn't post, messages you didn't send, or payments to another Ko-fi page that you didn't make.

Keep a lookout for these signs, and if you see any of them, make sure to quickly take steps to protect your account.


Ways to secure your account

Change your password Log in to your account, go to Account Settings, and click on ‘Change your password’ to view the Change Password screen.

Screenshot 2023-08-03 at 14.51 1.png

Be sure to choose a strong, unique password that you haven't used elsewhere.

We suggest:

  • Using a combination of lowercase and uppercase letters, numbers, and symbols
  • Excluding any personal information and real words
  • Changing your password regularly, but always prioritising strength and uniqueness

If you find your are locked out, select 'Forgot password?' on the login screen. You can then safely reset your password via email. If you signed up to Ko-fi using Google or Facebook, you should also change your passwords for those services.


Enable Two-Factor Authentication (2FA) We strongly recommend enabling Two-Factor Authentication (2FA). In doing so, a 6-digit code will be required each time you log in and further improve your account’s security. For guidance on setting up 2FA see our article here.


Consider changing your account email If you think someone has access to the email account you use on Ko-fi, consider updating the email address that you use to log in to Ko-fi. In Account Settings select 'Change your email address.' Enter your new email, and we'll send a confirmation to your existing email. This ensures that nobody can change your email address without accessing your email account.

22222 1.png

Contact us If you can't log in or complete the steps above for any reason and suspect that your account has been compromised, don’t hesitate to reach out to us - we’ll respond as quickly as we can.

Payments not received

If someone has sent you a payment on Ko-fi, but you haven’t received the money you should check your Payment Settings to make sure your Ko-fi page is connected to your payment method.

Check carefully for any discrepancies in the email addresses used. If it’s not your account then disable payments by toggling off ‘Accept Payments’, then follow the steps above to secure your account before reactivating payments.

payment settings page 1.png

If you are confident the payment methods are connected to your owned accounts, check your Payments History for the status of those payments.

Also check the payment methods directly by logging into your PayPal or Stripe account. It’s best to do this on the full ‘desktop’ version of the payment service instead of any apps which may only show partial information. Check for any issues with your account or issues highlighted on that specific payment.

If you’re still having trouble, don’t hesitate to contact the support team.