By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

My Account Got HAcked

0

Hey my aws account just got hacked i dont know what to do , i received an email that my aws email is changed and now i have no access to my account , what can i do all the debit card info is attached to that aws account , i am just a student i dont know what to do in this situation please help me

Topics
Management & Governance
Tags
AWS Account Management
Language
English
Tanish
asked 8 months ago327 views
4 Answers
3
Accepted Answer

Couple of options to do:

  1. Please immediately send an email to abuse@amazonaws.com explaining the situation and providing details
  2. Open a new account, enable MFA, contact AWS support and provide details.

If you are too much concerned, you can act on both the options. Let me know if this helps.

AWS
rePost-User-5454640
answered 8 months ago
profile picture
EXPERT
Govind Kumar
reviewed 8 months ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed 8 months ago
3

First, immediately report abuse and log a support ticket with AWS if you can access the account otherwise use this Contact Us form.

AWS support is well equipped and they would definitely help you out in this situation.

If you can access the account, then here are the action items, that you need to take care of immediately:

IAM User Revoke Session Temporary Credentials

Deactivate IAM User access keys

There may be other users/roles might also exist, which would have been created under this account compromise incident. Make sure no IAM user or role exists which you haven't created.

To identify all those suspicious activities, follow this Knowledge Center Article for best practices so that it doesn't happen again. Also, check if you see any suspicious activity in cloudtrail.

Have MFA enabled on IAM users/roles for an additional layer of protection.

Hope it helps.

profile pictureAWS
EXPERT
secondabhi_aws
answered 8 months ago
  • Tanish
    8 months ago

    hello thankyou my issue was resolved i got my account back ,, but the biggest issue now is i have some roles in my aws account which i cant delete i dont know why and they have admisnistrator access

0

This might help you https://repost.aws/knowledge-center/potential-account-compromise

profile picture
EXPERT
Govind Kumar
answered 8 months ago
  • Tanish
    8 months ago

    hello thankyou my issue was resolved i got my account back ,, but the biggest issue now is i have some roles in my aws account which i cant delete i dont know why and they have administrator access

0

If the root account email address has been changed to something that you don't have access to, and you now cannot get into your AWS account at all, this is the best way of getting in touch with AWS Support https://support.aws.amazon.com/#/contacts/aws-account-support/

The sooner you get this reported to AWS the sooner they can start to help you regain access to your account.

Make sure you click the checkbox Is this request related to an unauthorized email change?

Your debit card details won't be available to anybody that has access to your account (the last four digits of the card number and the expiry date, but that's all). So nobody should be able to get your card details and then go on a spending spree.

Just out of interest, the credentials that you've used to login to re:Post to ask this question. Are they related at all to the account that has been compromised?

profile picture
EXPERT
Steve_M
answered 8 months ago
  • Tanish
    8 months ago

    hello thankyou my issue was resolved i got my account back ,, but the biggest issue now is i have some roles in my aws account which i cant delete i dont know why and they have admisnistrator access

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content