My AWS account has been hacked over a week and the support ticket is "unassigned". Billing charges are still being generated and I have no support to stop it from AWS.
Starting on Dec 13th, I received an email that my account could be compromised and I confirmed it was hacked. I created this account for educational purposes but never used it at all. Now, I can see charges for over 7.5k and my support ticket (9342852151) has been unassigned for more than 24 hours, even when the bill continue increasing. I have no payment methods configured, so I don´t know why you permitted this to happen. I don´t know how to stop it or anything. I need assistance ASAP.
Please, let me know how much time is required to get someone assigned when a ticket is tagged as "Urgent business impacting question". According to the chat session I had yesterday, the AWS security team should be reviewing the issue.
Thanks in advance,
I have the same problem. Today i wake up view my emails and get a notification of AWS of suspicious activity then i enter to my account an i see a bill of 177$. I don't understand how that could happen to a company like AWS
Hello have you already tried completing this process? https://support.aws.amazon.com/#/contacts/aws-account-support and read through this? https://aws.amazon.com/premiumsupport/knowledge-center/recover-aws-password/
This is to regain access to your AWS Account so you can delete resources. Compromised accounts fall on the customer side of the shared responsibility model, so you will want to act to try and regain access to your account if you have not already.
May I ask how this turned out for you? I am having a very similar issue. I'm very concerned about the charges the hacker ran up.
After I posted this question I was contacted through the support case I have and I´ve been working with the ticket owner in order to secure the account and remove all instances and clusters across the regions.
I´m now awaiting next steps in order to get this solved and closed.
Thanks for your reply.
I had the exact same issue. I got an email from AWS saying the email associated with my account had been changed so some address I had never seen before. I immediately opened a support ticket, but they wouldn't help me because I couldn't recall my account number. I showed them the email and address it was changed to. There MUST be some kind of log showing how it happened. Then yesterday I get a bill on my credit card for $7600 USD. So I opened another ticket but I don't seem to be gaining traction with support. I put the transaction ID and everything in the ticket. Just like you, I created this account for personal education and hadn't looked at it in some time. I could not use the steps above because the hacker changed the email associated with my account.
Exact same issue. How would this happen to a company like AWS - we should try to collect how many accounts are impacted and share this publicly.
My AWS account has been hacked over a week and it generated a bill of $2845 in last two days of Feb and $3431 in March. In just 15 days, this amount got generated.asked 2 months ago
My student credit expired before it is due. How can I reactivate it?asked 5 months ago
$4,000 CHARGE due to ACCOUNT HACKasked 9 days ago
Root account no permissionsAccepted Answerasked 2 months ago
My AWS account has been hacked over a week and the support ticket is "unassigned". Billing charges are still being generated and I have no support to stop it from AWS.asked 5 months ago
Root account hacked and Email updatedasked 5 months ago
Account hacked, still charged with billasked 4 months ago
Unassigned status for support case from 4 daysasked 4 months ago
default VPC for my old AWS accountAccepted Answerasked 3 years ago
Cannot SSH into any EC2s a few minutes after startingasked 2 years ago