I recently discovered that my AWS account has been compromised, and within just three days, it racked up a bill of over $2000. As a student, I was using this account for my college projects, and I was careful not to exceed the free tier limits. The hack occurred on April 5th, and the unauthorized usage spanned the 5th, 6th, and 7th. I've decided to close the account, but I urgently need help from AWS support to resolve this situation. Any advice on what steps I should take next would be really appreciated!
6 Answers
This isn't just about MFA; much technology training skips cybersecurity. Students should definitely advocate for better training, like using the AWS Academy Learner Lab. It lets you explore many AWS tools without the risk of high costs. Check out this growing playlist for resources: https://www.youtube.com/playlist?list=PL7CNTJ3jJt7EvMQINqhABXjrV0EBYQhPZ.
Don't forget to enable billing alerts and use strong, unique passwords! It’s crucial if you want to avoid surprises like this in the future. If you're already doing all that, then it's just unfortunate what happened to you.
This really highlights why it's super important to have multi-factor authentication (MFA) enabled on all your accounts. It can save you from some costly mistakes like this. Don't let this happen to anyone else!
I had MFA set up! I even changed my password and added a new passkey the day before it got hacked.
Sorry to hear about your situation! Definitely reach out to AWS support by opening a case with their account team. They might have already sent you a notification email with instructions—check your inbox for that. If you can't find it, you can open a new case directly through their support center. Also, here's an article that might help you understand the process better: https://go.aws/44eLsEk.
One thing to note is that when you close an account, only certain resources still incur charges. The billing can often lag by about a day or so, so it might not reflect accurately right away. Just keep this in mind when you talk to support.
For immediate action, just open a support ticket with AWS. They’ll be able to help you sort this out.
I already did all of that, but it still happened.