By using AWS re:Post, you agree to the Terms of Use
/My AWS account has been hacked over a week and the support ticket is "unassigned". Billing charges are still being generated and I have no support to stop it from AWS./

My AWS account has been hacked over a week and the support ticket is "unassigned". Billing charges are still being generated and I have no support to stop it from AWS.

1

Starting on Dec 13th, I received an email that my account could be compromised and I confirmed it was hacked. I created this account for educational purposes but never used it at all. Now, I can see charges for over 7.5k and my support ticket (9342852151) has been unassigned for more than 24 hours, even when the bill continue increasing. I have no payment methods configured, so I don´t know why you permitted this to happen. I don´t know how to stop it or anything. I need assistance ASAP.

Please, let me know how much time is required to get someone assigned when a ticket is tagged as "Urgent business impacting question". According to the chat session I had yesterday, the AWS security team should be reviewing the issue.

Thanks in advance,

Regards,

  • I have the same problem. Today i wake up view my emails and get a notification of AWS of suspicious activity then i enter to my account an i see a bill of 177$. I don't understand how that could happen to a company like AWS

4 Answers
1

Hello have you already tried completing this process? https://support.aws.amazon.com/#/contacts/aws-account-support and read through this? https://aws.amazon.com/premiumsupport/knowledge-center/recover-aws-password/

This is to regain access to your AWS Account so you can delete resources. Compromised accounts fall on the customer side of the shared responsibility model, so you will want to act to try and regain access to your account if you have not already.

thank you,

EXPERT
answered 5 months ago
  • May I ask how this turned out for you? I am having a very similar issue. I'm very concerned about the charges the hacker ran up.

0

Thank you!

After I posted this question I was contacted through the support case I have and I´ve been working with the ticket owner in order to secure the account and remove all instances and clusters across the regions.

I´m now awaiting next steps in order to get this solved and closed.

Thanks for your reply.

answered 5 months ago
0

I had the exact same issue. I got an email from AWS saying the email associated with my account had been changed so some address I had never seen before. I immediately opened a support ticket, but they wouldn't help me because I couldn't recall my account number. I showed them the email and address it was changed to. There MUST be some kind of log showing how it happened. Then yesterday I get a bill on my credit card for $7600 USD. So I opened another ticket but I don't seem to be gaining traction with support. I put the transaction ID and everything in the ticket. Just like you, I created this account for personal education and hadn't looked at it in some time. I could not use the steps above because the hacker changed the email associated with my account.

answered 5 months ago
0

Exact same issue. How would this happen to a company like AWS - we should try to collect how many accounts are impacted and share this publicly.

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions