My AWS account got hacked back in February 2026, and the intruder ended up racking up a massive bill because they created a ton of resources, mainly EC2 instances, in various regions without my knowledge. Once I received the alert from AWS about unusual activity, I acted quickly to secure my account by deleting all the resources, removing users and roles, and following all of AWS's recommended steps. They confirmed the compromise and approved a partial adjustment of about $3,318, but I'm still facing an outstanding bill of $5,909. Now, AWS is asking me to pay this remaining amount through a wire transfer. I've reached out to them again for a review, considering the charges stemmed from unauthorized use, but they say that under the AWS Shared Responsibility Model, I'm still on the hook for what happens in my account. Has anyone gone through something similar? What can I do now? Is there a way to escalate this or negotiate a settlement? Any insights would be greatly appreciated!
4 Answers
The AWS Shared Responsibility Model states that while AWS manages the security of their infrastructure, you’re responsible for securing your resources. Unfortunately, this means you’re likely liable for those charges. However, I’ve heard of cases where AWS forgave some of the debt in exchange for account closure, but that could restrict your access to AWS for a period.
I feel for you! Account compromises can be frustrating and costly. It's unfortunate, but you're not alone. I’ve seen AWS support work with some users to find a resolution, but it also depends on the specifics of your case.
Has AWS been responsive in your case? Might they reconsider the remaining charges since you’re no longer using the account?
Unfortunately, once AWS has done their review, they're usually not willing to offer further billing adjustments. Your main options are to either pay the bill or risk having your account closed, which could lead to a ban from using AWS altogether. It's a tough lesson on the importance of securing your account.
What if we choose not to pay and decide to close the account? Would we be completely banned from AWS in the future or just this specific account?
You should definitely contact AWS Support through chat or direct communication. They might provide some additional options or insights into your case, especially if you're not using the account anymore.
I’ll reach out to them again. Fingers crossed they can do something!
If we request a permanent closure of the account since we don’t intend to use it again, what can happen? And if we don’t pay, are there serious consequences?