Has My Account Been Compromised?
If you receive a new login email and don't recognise the IP address or the location from which the login was made, this doesn't inherently mean an unknown party has illegitimately accessed your account.
Why Is The Location Somewhere I Don't Live?
Several factors can impact the accuracy of the location estimate. These include:
- Proxy servers or VPNs can reroute traffic to a different location, which is often present in corporate environments.
- Carrier-grade routing in ISP and mobile networks can combine traffic from multiple users and locations into one IP address.
- Apple's privacy features, such as iCloud Private Relay, can hide your actual IP address.
- The ability of geolocation databases to accurately track IP addresses as they are frequently reallocated and move between providers.
How Can I Determine If This Access Is Illegitimate?
Please remember that it is essential to consider other factors, not just the IP address location, when determining if your account's activity is legitimate. Other factors to consider are:
- If any other recent activity is unexpected
- Receiving sensitive change notifications
- Confirming time of access
If you can confirm that the login is legitimate (i.e. you logged in yourself), then no further action is required.
I Do Believe That This Access Is Illegitimate! What Should I Do?
If you believe that the login is illegitimate (i.e. you did login at that time/location), then we suggest the following actions:
- Change Your Password
- Enabling Two Factor Authentication (2FA)- If not already enabled.
- Reset Two-Factor Authentication With A Recovery Code - If already enabled.
- Reset Two-Factor Authentication With A Recovery Phone - If already enabled.