I think my AWS account might have been hacked. I received a bunch of emails from AWS about a request to increase my sending limits—something I definitely didn't do. When I tried to sign in to secure my account by changing my password, it prompted me for multi-factor authentication (MFA) that I never set up. I'm really worried about hackers misusing my account and racking up charges. I've tried to contact customer support, but I can't even access the 'forgot password' option. Can anyone help me with this?
3 Answers
This situation highlights why MFA is so important. If AWS is going to allow accounts to be accessed without it, they should really reconsider their policy. It's essential for everyone to enable it to prevent hacks like this.
It sounds like the hackers may have guessed or stolen your password, changed it, and set up MFA because you didn't have it enabled. This is a big problem, especially since they're likely trying to use your account for spam or other unauthorized activities. Try to reach out to AWS support ASAP to recover your account. Unfortunately, they might not be very forgiving about any charges since you didn’t secure your account. Once you get it sorted out, definitely set up MFA to avoid this in the future! Good luck!
I’m not able to sign in using my phone number or email either; it said phone verification couldn’t be completed. It's really tough trying to get in touch with them! I opened a case number.
AWS actually reached out to me for an alternative contact number. I replied and I hope they haven't made too many changes yet. I wasn't informed about MFA either until now, and all my other accounts have it set up already.
You can use this link to open a support ticket without having to log in since your account is compromised. While you’re waiting, check out this article—it might help you get back into your account.
Absolutely! They really should make MFA mandatory if they're serious about account security.