Why Author Accounts Are Targeted

Your KDP account holds your bank account information and your royalty payments. Your email marketing account contains your entire reader list — often worth thousands of dollars in lifetime reader value. Your Shopify or payment processor account has your direct sales revenue. Attackers know this.

The most common attack method isn't sophisticated hacking — it's credential stuffing, where attackers take login credentials leaked from another data breach (a forum, a shopping site, a service you signed up for years ago) and try them on every major platform. If you use the same password on KDP that you used on a breached site, your KDP account is at risk.

Step 1: Stop Reusing Passwords

This is the single most important security improvement you can make. Every publishing platform, email service, and payment processor you use should have a unique password that you don't use anywhere else.

This sounds impossible to manage — until you use a password manager.

What is a password manager?

A password manager is an app that generates strong, unique passwords for every site you use and remembers them all. You only need to remember one master password — the rest are generated and stored securely. It fills in your login details automatically, the same way your browser sometimes does, but much more securely.

Recommended password managers

Bitwarden (free and open-source, highly trusted), 1Password ($3/month, very author-friendly interface), and Proton Pass (free tier available, strong privacy focus from the same company as Proton Mail). All three work across Windows, Mac, iPhone, and Android.

💡 TIP: Setting up a password manager feels like a two-hour project but takes about 20 minutes once you start. Begin by adding your five most important accounts: KDP, your email marketing platform, PayPal or Stripe, your author website login, and your primary email address. You can add others over time.

Step 2: Turn On Two-Factor Authentication

Two-factor authentication (2FA) means that even if someone gets your password, they still can't log into your account without a second code that only you have access to. It's the difference between a single-lock door and a double-locked one.

Every major publishing platform supports 2FA. Here's how to turn it on for the platforms authors use most:

• KDP: Amazon Account > Account & Lists > Account > Login & Security > Two-Step Verification

• KWL (Kobo Writing Life): Account settings > Security > Two-factor authentication

• Draft2Digital: Account > Security > Enable two-factor authentication

• MailerLite: Profile > Security > Two-factor authentication

• Kit (formerly ConvertKit): Profile > Security > Two-factor authentication

• Shopify: Account > Security > Two-step authentication

Use an authenticator app (Google Authenticator, Authy, or your password manager's built-in authenticator) rather than SMS text messages — SMS-based 2FA is better than nothing but less secure than an app-based code.

🚨 IMPORTANT: Enable 2FA on your primary email address first, before anything else. If an attacker gains access to your email, they can use 'forgot password' to reset every other account. Your email account is the master key to your entire author business.

Step 3: Check If You've Been Breached

Go to haveibeenpwned.com and enter your email address. This free service, run by security researcher Troy Hunt, checks your email against 12+ billion breached records and tells you if your credentials appeared in a known data breach.

If your email shows up in a breach: immediately change the password for that service and for any other service where you used the same password. This is exactly the kind of information credential stuffers use.

💡 TIP: Have I Been Pwned also has a password check feature — you can check whether a specific password has appeared in any known breach without revealing what account it belongs to. This is a useful check for any password you've been using for more than a year.

Proton Mail — An Optional Privacy Upgrade for Your Author Email

If you're concerned about email privacy — especially as an author who handles book contracts, publishing platform credentials, and payment information via email — Proton Mail is worth knowing about. Created by scientists at CERN in Switzerland, it uses end-to-end encryption, operates under Swiss privacy law, and cannot read your email contents even under legal compulsion.

Proton Mail has a free tier. The paid plan ($4/month) includes a custom domain address (yourname@yourdomain.com), which is also useful for professional author email. Proton also offers Proton Pass (a privacy-focused password manager) and Proton VPN as part of their suite.

💡 TIP: Techlore (techlore.tech) on YouTube, with their 'Go Incognito' privacy course, is the most comprehensive and accessible resource for authors who want to understand digital privacy and security at a deeper level. Their 'Ultimate Windows Privacy & Security Guide' and 'Ultimate macOS Privacy & Security Guide' are particularly relevant.

How ScribeCount Helps

ScribeCount connects to your publishing platforms to pull sales data. Protecting those platform accounts protects the data pipeline that makes ScribeCount work. If your KDP account is compromised, an attacker can change your bank account details and divert royalties. Strong, unique passwords and 2FA on every publishing platform are the foundation of a secure author business — and they directly protect the income data ScribeCount tracks.