By using AWS re:Post, you agree to the Terms of Use

My AWS account has been hacked over a week and the support ticket is "unassigned". Billing charges are still being generated and I have no support to stop it from AWS.


Starting on Dec 13th, I received an email that my account could be compromised and I confirmed it was hacked. I created this account for educational purposes but never used it at all. Now, I can see charges for over 7.5k and my support ticket (xxxxxxxxxx) has been unassigned for more than 24 hours, even when the bill continue increasing. I have no payment methods configured, so I don´t know why you permitted this to happen. I don´t know how to stop it or anything. I need assistance ASAP.

Please, let me know how much time is required to get someone assigned when a ticket is tagged as "Urgent business impacting question". According to the chat session I had yesterday, the AWS security team should be reviewing the issue.

Thanks in advance,


Edit: Removed case ID — Chrissy B.

  • I have the same problem. Today i wake up view my emails and get a notification of AWS of suspicious activity then i enter to my account an i see a bill of 177$. I don't understand how that could happen to a company like AWS

5 Answers

Hello have you already tried completing this process? and read through this?

This is to regain access to your AWS Account so you can delete resources. Compromised accounts fall on the customer side of the shared responsibility model, so you will want to act to try and regain access to your account if you have not already.

thank you,

profile picture
answered 9 months ago
  • May I ask how this turned out for you? I am having a very similar issue. I'm very concerned about the charges the hacker ran up.


Thank you!

After I posted this question I was contacted through the support case I have and I´ve been working with the ticket owner in order to secure the account and remove all instances and clusters across the regions.

I´m now awaiting next steps in order to get this solved and closed.

Thanks for your reply.

answered 9 months ago

I had the exact same issue. I got an email from AWS saying the email associated with my account had been changed so some address I had never seen before. I immediately opened a support ticket, but they wouldn't help me because I couldn't recall my account number. I showed them the email and address it was changed to. There MUST be some kind of log showing how it happened. Then yesterday I get a bill on my credit card for $7600 USD. So I opened another ticket but I don't seem to be gaining traction with support. I put the transaction ID and everything in the ticket. Just like you, I created this account for personal education and hadn't looked at it in some time. I could not use the steps above because the hacker changed the email associated with my account.

answered 9 months ago

Exact same issue. How would this happen to a company like AWS - we should try to collect how many accounts are impacted and share this publicly.

answered 5 months ago

This has just happened to me. 8000 EC2 instances were created on my account. Somehow the hacker got access to my AWS account even though i never share the password and user strong passwords. So far today i have a bill off $1200. I've written a CLI script to delete all teh instance, changes passwords, removed the CLI key they used, etc. Hoping Amazon refund me as that bill was not generated by me. If they don't I'll be terminating my account with them and they'll never see another $ from me.

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions