amazon account hacked and generating money charges
Hello, on saturday 06/04 my account was hacked by an error when I published a password in a public repository, when I received the change email, I deleted all keys and roles, as well as aws users, I changed the password of the account, and changed my email password, actrive MFA with the phone, I stopped all services that were started (apparently for mining with EC2) and checked everything, However, the account is still violated, currently with a charge of 40 usd of something I never use and I fear it will continue to rise, I already sent a case in review, attached images, but no one solves the problem, I want to delete the account, I want to unlink my data, every hour that passes I feel that more charges will be generated, more services initiated, EVERYTHING. besides if i close the account, the charge will remain open and will arrive to my address, a charge that i never used, i only had the account for educational purposes. this is totally frustrating, i talked to support but they take 2 days to answer every message, and every second that passes a new active service is generated.... I do not know what to do, I have seen cases where they reach 10k of debt, and I do not want to reach that, I am a student, I can not pay, and above all, I can not pay something that does not correspond to me, my account was HACKED, it is as simple to verify my innocence as to see from where the requests are made, instance creations, accesses. and see that does not correspond with my country and address registered in the AWS account...PLEASE I NEED HELP.
If you made sure you are currently the only one that can access the account you can control the cost generated from this point onwards.
- remove all users
- remove all access keys
There might be scripts in place that automatically instantiate costly services:
- delete any EventBridge rule (all regions)
- delete any Lambda (all regions)
Monitor Cost Explorer daily to minimize additional costs.
- try seeing what generates the cost and shut it down.
Don't worry too much. If you file a support case AWS Support often will waive any costs. (If it is the first time this happens, and cost are relatively low).
You also have to understand that AWS can't tell the difference between your account being hack or that you willingly handed them a password.
Root Account Hackedasked 6 months ago
AWS account hackedasked a month ago
amazon account hacked and generating money chargesasked a month ago
My AWS account has been hacked over a week and the support ticket is "unassigned". Billing charges are still being generated and I have no support to stop it from AWS.asked 6 months ago
Root account hacked and Email updatedasked 7 months ago
My Friend's AWS account got hacked!!asked 12 days ago
Compromised account received a massive billingasked 2 days ago
aws login errorasked 8 days ago
Account hacked, still charged with billasked 5 months ago
My website was hackedasked 3 months ago