- 최신
- 최다 투표
- 가장 많은 댓글
Couple of options to do:
- Please immediately send an email to abuse@amazonaws.com explaining the situation and providing details
- Open a new account, enable MFA, contact AWS support and provide details.
If you are too much concerned, you can act on both the options. Let me know if this helps.
First, immediately report abuse and log a support ticket with AWS if you can access the account otherwise use this Contact Us form.
AWS support is well equipped and they would definitely help you out in this situation.
If you can access the account, then here are the action items, that you need to take care of immediately:
IAM User Revoke Session Temporary Credentials
Deactivate IAM User access keys
There may be other users/roles might also exist, which would have been created under this account compromise incident. Make sure no IAM user or role exists which you haven't created.
To identify all those suspicious activities, follow this Knowledge Center Article for best practices so that it doesn't happen again. Also, check if you see any suspicious activity in cloudtrail.
Have MFA enabled on IAM users/roles for an additional layer of protection.
Hope it helps.
This might help you https://repost.aws/knowledge-center/potential-account-compromise
hello thankyou my issue was resolved i got my account back ,, but the biggest issue now is i have some roles in my aws account which i cant delete i dont know why and they have administrator access
If the root account email address has been changed to something that you don't have access to, and you now cannot get into your AWS account at all, this is the best way of getting in touch with AWS Support https://support.aws.amazon.com/#/contacts/aws-account-support/
The sooner you get this reported to AWS the sooner they can start to help you regain access to your account.
Make sure you click the checkbox Is this request related to an unauthorized email change?
Your debit card details won't be available to anybody that has access to your account (the last four digits of the card number and the expiry date, but that's all). So nobody should be able to get your card details and then go on a spending spree.
Just out of interest, the credentials that you've used to login to re:Post to ask this question. Are they related at all to the account that has been compromised?
hello thankyou my issue was resolved i got my account back ,, but the biggest issue now is i have some roles in my aws account which i cant delete i dont know why and they have admisnistrator access
hello thankyou my issue was resolved i got my account back ,, but the biggest issue now is i have some roles in my aws account which i cant delete i dont know why and they have admisnistrator access