Hey everyone, I ran into a crisis with my AWS account being compromised back in February 2026. Someone went on a rampage, creating a bunch of resources like EC2 instances across different regions without my consent. It escalated quickly, and before I knew it, the charges skyrocketed.
Once AWS alerted me about the suspicious activities, I took immediate action: deleted all unauthorized resources, removed users and roles, and tightened account security. Despite my efforts, after AWS reviewed my case, they confirmed the hack and I was left with a whopping bill of $9,800. They offered a partial adjustment of $3,318, but I'm still stuck with $5,909 that they want me to pay via wire transfer.
I tried to contest the remaining charges, arguing that they were due to unauthorized use, but they told me that according to the AWS Shared Responsibility Model, customers are held accountable for all activities in their accounts.
Has anyone else faced a similar dilemma with AWS after a security breach? What are my options now? Can I escalate this further or negotiate a better settlement? Any tips or experiences would really help me out. Thanks!
1 Answer
Unfortunately, once AWS assesses the situation and makes a billing adjustment, they usually won't offer another one. Your main options are to pay the bill or risk account closure, which might lead to having your access revoked permanently. It's a painful lesson about maintaining strong security measures.
If we choose not to pay and ask AWS to close the account since we're not using it anymore, what could happen? Will closing it affect our ability to make any new accounts in the future?