Hey everyone, I recently had my Amazon account hacked and some purchases were made using my credit card. I think this happened because I might have accidentally downloaded malware while logged into my account. I did a full scan with Malwarebytes and Windows Defender, but they didn't find anything. I haven't received any email alerts about a login from a new device, and my computer was off when the purchase occurred. Is it possible for malware to hijack a session token to log in from another device without triggering alerts? I'm hoping to avoid wiping my drives if there's another solution.
4 Answers
Think simpler! Was your Amazon password unique and randomly generated? If not, they might have just used credential stuffing to get in. If that was the case, it’s strange you didn’t get any email alerts.
Yes, malware can capture session cookies, allowing them to log in without triggering new device alerts. You don’t necessarily need to wipe all your drives; just a clean Windows install should suffice. Make sure to check your Chrome extensions too, as they can also introduce vulnerabilities if they turn malicious.
It might not even be your computer that got hacked—it could be your phone. Also, keep an eye out for phishing attempts. Change your password, log out of all devices, and set up two-factor authentication.
If a keylogger was installed, it could have captured your email password too. They might filter out those 'new device login' alerts you’d expect. Honestly, the safest route would be to reinstall your OS completely.
Related Questions
How to Build a Custom GPT Journalist That Posts Directly to WordPress
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads