[
    {
        "role": "user",
        "content": "I%27ve%20received%20rest%20my%20password%20emails%20from%20AO3%20twice%20i%20the%20last%20day.%20Is%20someone%20trying%20to%20hack%20my%20account%20and%20what%20should%20I%20do%20about%20it%3F"
    },
    {
        "role": "assistant",
        "content": "Getting \u201creset your password\u201d emails from Archive of Our Own (AO3) when you didn\u2019t request them *can* be a sign someone\u2019s trying to access your account \u2014 but it doesn\u2019t necessarily mean your account has been compromised. AO3, like many sites, has seen lots of these requests recently, sometimes from bots or glitches. Here\u2019s what\u2019s going on *and* what you should do to stay safe.\n\n---\n\n### What AO3 Says About These Emails\n\n- AO3 recently changed its reset flow: you can no longer request a password reset by username when logged out. You have to use your email. That helps reduce spammy or bogus reset emails. ([ao3org.tumblr.com](https://ao3org.tumblr.com/post/800505204480016384/update-to-password-resets-on-ao3?utm_source=openai))  \n- The community (and AO3\u2019s Policy & Abuse team) has said that **receiving password-reset emails does not mean your account is already compromised**, as long as your email itself is secure. You *only* lose control if someone clicks a reset link and changes your password. ([reddit.com](https://www.reddit.com/r/AO3/comments/1otskcr?utm_source=openai))  \n- Still, people *are* getting these reset emails multiple times a day \u2014 either because of bots trying randomly, similar public usernames/emails being mis-entered, or someone might be trying to target you specifically. ([reddit.com](https://www.reddit.com/r/AO3/comments/1oweuyu?utm_source=openai))  \n\n---\n\n### What You Should Do\n\nBecause you\u2019ve already gotten two in one day, it\u2019s prudent to take steps to protect your account.\n\nHere\u2019s a list of actions you should consider:\n\n1. **Change your AO3 password**\n   - Use a new, strong password that's unique (not used on any other site).\n   - Don\u2019t click links in the emails. Instead, go to AO3 manually by typing the site address into your browser.\n\n2. **Secure the email account tied to AO3**\n   - If someone can access your email, they can fully take over your AO3 via a reset link.\n   - Make sure your email password is strong and unique.\n   - Enable two-factor authentication (if your email provider supports it).\n\n3. **Audit your email\u2019s recent activity**\n   - Log into your email and check for odd logins, password changes, or security alerts.\n   - Also check spam or trash for AO3 emails to be sure nothing slipped through.\n\n4. **Report it to AO3 if it keeps happening**\n   - Contact their Support or Policy & Abuse team.\n   - Ask them if they can temporarily disable password resets on your AO3 account. You\u2019ll need to file a request/ticket. ([reddit.com](https://www.reddit.com/r/AO3/comments/1otskcr?utm_source=openai))\n\n5. **Review account-security best practices**\n   - Don\u2019t reuse your password on multiple sites. If one site leaks, others are at risk. ([transformativeworks.tumblr.com](https://transformativeworks.tumblr.com/post/778837924495097856/to-clarify-wed-like-to-reassure-our-users-that?utm_source=openai))  \n   - Always use strong, complicated passwords. Mix letters, numbers, symbols, uppercase/lowercase. ([ao3commentoftheday.tumblr.com](https://ao3commentoftheday.tumblr.com/post/189885366490/hey-just-wanting-to-ask-is-there-any-tips-to-make?utm_source=openai))  \n   - Never share your login credentials. Keep them private.  \n   - Be cautious with links in emails. Phishing attempts often try to mimic real services. If in doubt, go directly to the website. ([reddit.com](https://www.reddit.com/r/AO3/comments/1mycbod?utm_source=openai))  \n\n---\n\n### When It\u2019s Probably Not a Full Hack\n\n- If you **didn\u2019t click** any reset link or give anyone your password, you\u2019re probably okay \u2014 the emails alone don\u2019t give access.  \n- AO3 says there is **no current evidence of a breach**. Users seem to be affected by bots, mass resets, or usernames/emails being guessed or misentered. ([transformativeworks.tumblr.com](https://transformativeworks.tumblr.com/post/778837924495097856/to-clarify-wed-like-to-reassure-our-users-that?utm_source=openai))  \n\n---\n\nIf you like, I can help you go through your AO3 settings or email settings step-by-step to make sure everything\u2019s locked down. Do you want that?"
    }
]