Hello have you already tried completing this process? https://support.aws.amazon.com/#/contacts/aws-account-support and read through this? https://aws.amazon.com/premiumsupport/knowledge-center/recover-aws-password/
This is to regain access to your AWS Account so you can delete resources. Compromised accounts fall on the customer side of the shared responsibility model, so you will want to act to try and regain access to your account if you have not already.
After I posted this question I was contacted through the support case I have and I´ve been working with the ticket owner in order to secure the account and remove all instances and clusters across the regions.
I´m now awaiting next steps in order to get this solved and closed.
Thanks for your reply.
I had the exact same issue. I got an email from AWS saying the email associated with my account had been changed so some address I had never seen before. I immediately opened a support ticket, but they wouldn't help me because I couldn't recall my account number. I showed them the email and address it was changed to. There MUST be some kind of log showing how it happened. Then yesterday I get a bill on my credit card for $7600 USD. So I opened another ticket but I don't seem to be gaining traction with support. I put the transaction ID and everything in the ticket. Just like you, I created this account for personal education and hadn't looked at it in some time. I could not use the steps above because the hacker changed the email associated with my account.
Exact same issue. How would this happen to a company like AWS - we should try to collect how many accounts are impacted and share this publicly.
This has just happened to me. 8000 EC2 instances were created on my account. Somehow the hacker got access to my AWS account even though i never share the password and user strong passwords. So far today i have a bill off $1200. I've written a CLI script to delete all teh instance, changes passwords, removed the CLI key they used, etc. Hoping Amazon refund me as that bill was not generated by me. If they don't I'll be terminating my account with them and they'll never see another $ from me.
Where can I find AWS Support charges?Accepted Answerasked 3 months ago
No engagement on support case and sneakily being resolvedasked 4 months ago
My AWS account has been hacked over a week and the support ticket is "unassigned". Billing charges are still being generated and I have no support to stop it from AWS.asked 9 months ago
My AWS account has been hacked over a week and it generated a bill of $2845 in last two days of Feb and $3431 in March. In just 15 days, this amount got generated.asked 6 months ago
amazon account hacked and generating money chargesasked 4 months ago
My student credit expired before it is due. How can I reactivate it?asked 9 months ago
My AWS account has been hacked and none one from support seems to be helpfulasked 2 months ago
Support Case still "Unassigned"Accepted Answerasked 2 days ago
My Friend's AWS account got hacked!!asked 3 months ago
Compromised account received a massive billingasked 3 months ago