Forums Community Will I lose access to my files if my AxCrypt ID account is hacked? Reply To: Will I lose access to my files if my AxCrypt ID account is hacked?

#4023 Reply


Hello Vale,

Yes, accounts can be ‘hacked’ – although, what this typically means is that your password has been guessed or otherwise leaked. Very, very seldom are user accounts really ‘hacked’ in the sense that a vulnerability is exploited. Servers are however sometimes hacked, which sometimes is the cause of leaks of password databases (although just as often it’s an inside job).

No, if someone actually would gain access to your email for example, and then use that access to perform a password *reset*, that will not affect your files. It will, temporarily, cause your sign in to AxCrypt to fail if you’re online of course (since the ‘hacker’ has succeed in *resetting* your password). In this situation, you’ll just *reset* the password again to the original (after ensuring the ‘hacker ‘ no longer has access to your email of course, by changing the password to that service).

The files as such are not at all affected by any kind of change to the online account in this case. Also, with AxCrypt, regardless it’s always possible to open the files with the password originally used to encrypt them.

Your files are safe and usable for you, but not the ‘hacker’, if such person would succeed in actually *resetting* the password of your AxCrypt ID online.

A ‘hacker’ cannot *change* the password to your AxCrypt ID without actually knowing the original. This is not possible to bypass by hacking our server either, since it’s not a regular password change where we just check that the old password is known. We actually encrypt data on our server (using AxCrypt of course) using your password. So, to *change* password, this must be decrypted, and this requires to really know the old password before it’s possible to set a new one.

There is thus a definitive difference between *changing* and *resetting* AxCrypt ID online passwords. *resetting* can be done by a ‘hacker’ with access to your email. *changing* requires to really know the old password.