Root account hacked and Email updated

Hi, i receive the mail "Your Amazon Web Services Account Email Has Been Updated" but i don't ask to change my mail!! My account is hacked! I just provide to lock the credit card assocatiated to my aws account. I write to support 2 times but i don't receive any feedback. Plese provide to restore the correct account acccess with temporary password.

I have the same problem, almost a month ago, I already filled out the form, I've exchanged more than 30 emails with support and they can't solve my problem, I've never seen such bad support in my life. Please someone help me. I had to create another account putting another credit card, to be able to write in this topic. And I'm afraid they'll clone this account too. What a sad service you guys provide with support.

I recently have the same issue. April 11, 2023 5:14AM My time. I recieved an email saying that AWS has detected an unusual log in activity. April 11, 2023 5:16AM My time. I recieved an email saying that my account email was changed to be new weird email.

I did not noticed this acitivity untilI found that there is a transaction in my credit card one day later that is charged from AWS.

They not even ask for verification code for changing the email. It looks so easy when someone just took my account.

When trying to restore password. It said my account (with my email) does not exist.

Submitted ticket to Compliance team and did not even recieved any email confirmation or ticket number to say that my case is being taken care of.

I need to register my new account with the same email to comment here.

Hi,

I just had the exact same thing happened to me. My password is 25+ characters long, and I've not used this account for over 4 years, thus it's very unlikely due to a compromised credentials.

Everything seems to be recovered (was empty anyway), but I'm very curious how this might have happened?

J

I'm sorry to read this. The only thing I can think of would be to contact your card company to try to block further charges against your card?

I know this is too late but if you have any other accounts I would strongly advise configuring MFA and following other steps highlighted on the IAM best practices page: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Good Luck!

Hello,

I'm sorry to hear this! It sounds like you've already filled out the following contact form to reach our Support team: http://go.aws/account-support.

I recommend refraining from creating additional cases to prevent any confusion or delay in receiving assistance. Our Support team has the proper tools to help recover your account. They will also be able to assist with any account or billing questions you may have.

As we take security very seriously, this process may take some time to investigate and resolve. Thank you so much for your patience while our agents work on your case.

Best regards,

Kita B.

Good day.

I am sorry to hear the issue you are having.

First, if your root account was compromised then please:

1. As was stated earlier, if you have already opened an AWS support account, then please refrain from opening additional cases as this may cause a delay in response.

2. If you do not have access to the account, then please create a NEW account and open a ticket to AWS Support using Support Center, referencing the account that was compromised and providing the e-mail address that was compromised.

3. If this was a linked account, or an account within AWS organizations, then please open a ticket via support center from the payer account.

Once access to the account (root user access) has been restored, please ensure you follow practices in this guide: https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/

Again, please correspond on the initial support case opened so our internal teams can rapidly support you during this issue. Ensure all details specific to your account, yourself, and the security event are kept within the Support ticket.

Sincerely,

Jason H.