I got an unusual email today claiming my request for a server in the Middle East was approved, and that anomaly detection is now active on my account. The problem is, I never made any such request. The email disappeared from my inbox and trash, and now when I try to log in, it's asking for multi-factor authentication that I don't remember setting up. I haven't accessed this account in 2-3 years. I attempted to log in using other methods but while the email verification goes through, the phone verification fails even though the last four digits match. I've already raised a case with AWS regarding the MFA issue. What should be my next steps?
1 Answer
It sounds like your email and AWS account might have been compromised. Auto-deleting emails can be a sign of hacking. Take this seriously—assume that the hackers might have full control of your email and other accounts. If you work in a company, get IT involved and follow your incident response plan.
I work for a company, but this was linked to my personal email. I checked and there were no strange logins or related activity in my Gmail after the incident. I did change my password and looked at the last three years of login history, and all were initiated by me. What should I do for my personal account now?