I think someone accessed my account without permission
Read this first if you suspect your account was accessed by someone other than you.
TL;DR — do these 4 things right now
Change your password at https://www.formationhub.com/member/settings/security
Enable 2FA if not already enabled (same page)
Sign out of all devices: Account Settings → Security → "Sign out of all devices"
Email [email protected] with what happened — we respond within 1 business hour
Then come back and read the rest of this article.
Signs of unauthorized access
Common indicators someone else has accessed your account:
Sign-in indicators
You see a sign-in from a city / country you've never been to (Account Settings → Security → Sign-in history)
You see a device type you don't own (e.g., you only use Mac/iPhone but there's a Windows sign-in)
You get a sign-in confirmation email you didn't trigger
Your password "doesn't work anymore" (someone changed it)
Activity indicators
Documents you don't recognize in your portal
Filings you didn't request
Payment methods you didn't add
Profile changes (name, email, address you didn't make)
Communication preferences changed
2FA enabled/disabled without your action
External indicators
A bank flagged a charge from FormationHub you didn't authorize
You received a confirmation email for an order you didn't place
A state filing happened in your name without your knowledge
What to do (detailed steps)
Step 1: Secure access
Even if you can still sign in, the attacker might still have access. Lock them out:
Sign in to https://www.formationhub.com/member
Account Settings → Security
Change password to something completely new (don't reuse from any other site)
Sign out of all devices (kicks out any active session that isn't your current one)
Enable 2FA with an authenticator app — this is the most important step
If you can't sign in because the password was changed: - Click "Forgot password" → reset link sent to your email - If your email was also changed: you need to recover via support (email [email protected])
Step 2: Notify us
Email [email protected] with: - Your account email - When you noticed something was wrong - What specifically looked suspicious (sign-ins from unfamiliar locations, unauthorized changes, etc.) - Whether you've already secured access (changed password + enabled 2FA) - Phone number we can reach you at
We will: - Acknowledge within 1 business hour during business hours - Pull your sign-in logs and activity history - Identify any unauthorized changes - Roll back unauthorized changes (within 30 days of the change, where possible) - Investigate the source — if it's a leaked password from another site, we'll let you know; if it's something on our end, we'll fix it
Step 3: Audit your other accounts
Most account takeovers are NOT because of a FormationHub breach (we've never had one). They're usually because: - You reused the FormationHub password somewhere else, and that other site got breached - A phishing email tricked you into entering your credentials on a fake site
While the attacker had access to FormationHub, they may have also tried: - Your email account - Your bank accounts - Other business / productivity services using the same email + password
Action: change passwords on every important service that shares an email with your FormationHub account. Especially: - Your email (Gmail, Outlook, etc.) - Your bank / financial accounts - Government services (IRS account if you have one) - Other business services (QuickBooks, Stripe Dashboard, etc.)
Use a password manager going forward so each site has a unique password.
Step 4: Monitor your statements
For 30-90 days after the incident, monitor: - Credit card / bank statements for unauthorized charges - Payment receipts from FormationHub (if you see charges that aren't yours, report immediately) - Your business bank account for unauthorized transactions - Your email inbox for confirmations of services you didn't sign up for
If you see anything suspicious, report it to the relevant service AND to us.
Step 5: Consider a credit freeze
If the attacker accessed your SSN or other identifying info (e.g., from your BOI filing):
Freeze your credit at all three bureaus:
Equifax: 800-685-1111
Experian: 888-397-3742
TransUnion: 800-680-7289
Frozen credit prevents new accounts being opened in your name
You can temporarily lift the freeze when you need to apply for credit yourself
Free at all three bureaus.
What we do in response
When you report unauthorized access:
Immediate (within 1 business hour)
Pull sign-in logs for your account
Identify the timing + IP address of suspicious activity
Lock the account if not already secured by you
Disable any active sessions
Within 24 hours
Email you a summary of what we found
List any unauthorized changes we identified
Roll back changes where possible (e.g., revert a profile change, cancel an unauthorized filing if still pre-state-submission)
Issue a refund for unauthorized charges
Within 7 days
Full incident report with what happened, what we did, what we recommend
If our systems were involved (rare), root-cause analysis + remediation plan
If your credentials were compromised elsewhere (more common), guidance on which other accounts to secure
What we CAN'T undo
LLC filings that have been accepted by the state (we'd help you file Articles of Dissolution if you want to undo)
EIN applications that have been processed by the IRS (we'd help with EIN cancellation paperwork)
Mail scans we delivered — these are already in your portal, but the attacker may have already viewed them
Funds the attacker withdrew via our payment processor (disputes via your card issuer)
Filing reports
For serious incidents:
FTC: https://reportfraud.ftc.gov — file a complaint, get a recovery plan
FBI IC3: https://www.ic3.gov — for cybercrime reporting (especially with financial loss)
State attorney general: many states have consumer protection offices for identity theft
Local police: file a police report for identity theft (some banks require this for fraud claims)
Preventing future incidents
After resolving this one:
✅ Enable 2FA on every important account (FormationHub, email, banks, etc.)
✅ Use a password manager with unique passwords per site
✅ Don't reuse FormationHub credentials anywhere else
✅ Use a recovery email that you control and have secured
✅ Review sign-in history monthly: Account Settings → Security → Sign-in history
✅ Be skeptical of email links — sign in directly via https://www.formationhub.com/member
Common questions
"Was FormationHub hacked?"
We've never had a data breach. Account takeovers are typically due to credentials leaked elsewhere (other site breaches, phishing, malware) and used to try logging into multiple services.
If we ever DID have a breach, we'd notify affected customers within 72 hours of confirmation, per our security commitment.
"Will my LLC be okay?"
Almost always yes. We can roll back unauthorized changes within our system. State filings are harder to reverse but possible.
"Can I sue someone for accessing my account?"
We can provide IP-address logs that may help law enforcement identify the attacker. Successful prosecution depends on jurisdiction and the attacker's location.
"Will you cover damages?"
For damages caused by our systems (e.g., a vulnerability on our end), yes. For damages caused by your credentials being stolen elsewhere, we help with recovery but the financial responsibility is between you and the originating breach.
"Should I close my account and start fresh?"
Usually not necessary. Securing access + enabling 2FA is sufficient for most incidents. If you want a fresh start anyway, see Closing your account.
Next steps right now
Change password: https://www.formationhub.com/member/settings/security
Enable 2FA: same page
Sign out of all devices: same page
Email [email protected]
We treat unauthorized-access reports as the highest priority. You'll hear back within 1 business hour during business hours.