By using AWS re:Post, you agree to the Terms of Use

Compromised account received a massive billing

0

I received a weird email from aws Singapore to tell me the account is updated which I didn't login for years. I thought it's a scam and ignored the email. After 8 days, I received another email said my account is compromised, Action Required: Irregular activity in your AWS account xxxxxxxxx4704 Amazon Web Services, Inc. no-reply-aws@amazon.com Jun 28, 2022, 8:48 PM (4 days ago) to me Hello, Your AWS Account may be compromised. Please review the following notice and take immediate action to secure your account.

This account compromise poses a security risk to your account (including other account users), and could lead to excessive charges from unauthorized activity. To protect your account from excessive charges, we have temporarily limited your ability to use some AWS services. To remove the limits, please follow the instructions below.

If the unauthorized usage is not stopped we may suspend your AWS account. Failure to contact AWS within five (5) days may also result in the suspension of your account and disruption of your AWS service in order to protect you from unauthorized usage and charges. To further protect your account from excessive charges, we may terminate any suspected unauthorized resources on your account.

Today I received a new email from aws told me my June bill is $160k which is insane. I closed the account immediately without checking the resource usage since it's too scary. Now I think the account is suspended and I cannot response to the ticket anymore.

What should I do to check the account and please please help me about the case, thank you very very much.

3 Answers
1

Hi there,

Terribly sorry for the worry this matter must be causing you.

In order to have this issue resolved you'll need to reach out to our Account & Billing support team via your Support Center.

Even if your account is in a closed state, you'll still be able to login and create support cases.

Please create a case, and mention the case ID linked to the compromised account issue. To ensure this matter is dealt with in a swift manner, I recommend making use of our callback / chat option: https://aws.amazon.com/premiumsupport/knowledge-center/aws-phone-support/.

Kind regards,

- Rafeeq C.

MODERATOR
answered a month ago
0

Hi Rafeeq, Thanks for the reply, but I cannot login to my old account, it always returns 400 error.

answered a month ago
0

Thanks for responding with that information.

In that case, please contact our Support team, using the following contact form (which does not require login), here: https://support.aws.amazon.com/#/contacts/aws-account-support.

Regards,

-- Ben G.

MODERATOR
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions