amazon account hacked and generating money charges

0

Hello, on saturday 06/04 my account was hacked by an error when I published a password in a public repository, when I received the change email, I deleted all keys and roles, as well as aws users, I changed the password of the account, and changed my email password, actrive MFA with the phone, I stopped all services that were started (apparently for mining with EC2) and checked everything, However, the account is still violated, currently with a charge of 40 usd of something I never use and I fear it will continue to rise, I already sent a case in review, attached images, but no one solves the problem, I want to delete the account, I want to unlink my data, every hour that passes I feel that more charges will be generated, more services initiated, EVERYTHING. besides if i close the account, the charge will remain open and will arrive to my address, a charge that i never used, i only had the account for educational purposes. this is totally frustrating, i talked to support but they take 2 days to answer every message, and every second that passes a new active service is generated.... I do not know what to do, I have seen cases where they reach 10k of debt, and I do not want to reach that, I am a student, I can not pay, and above all, I can not pay something that does not correspond to me, my account was HACKED, it is as simple to verify my innocence as to see from where the requests are made, instance creations, accesses. and see that does not correspond with my country and address registered in the AWS account...PLEASE I NEED HELP.

1 Answer
0

Alright.

If you made sure you are currently the only one that can access the account you can control the cost generated from this point onwards.

  • remove all users
  • remove all access keys

There might be scripts in place that automatically instantiate costly services:

  • delete any EventBridge rule (all regions)
  • delete any Lambda (all regions)

Monitor Cost Explorer daily to minimize additional costs.

  • try seeing what generates the cost and shut it down.

Don't worry too much. If you file a support case AWS Support often will waive any costs. (If it is the first time this happens, and cost are relatively low).

You also have to understand that AWS can't tell the difference between your account being hack or that you willingly handed them a password.

profile picture
JaccoPK
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions