My Account Got HAcked

First, immediately report abuse and log a support ticket with AWS if you can access the account otherwise use this Contact Us form.

AWS support is well equipped and they would definitely help you out in this situation.

If you can access the account, then here are the action items, that you need to take care of immediately:

IAM User Revoke Session Temporary Credentials

Deactivate IAM User access keys

There may be other users/roles might also exist, which would have been created under this account compromise incident. Make sure no IAM user or role exists which you haven't created.

To identify all those suspicious activities, follow this Knowledge Center Article for best practices so that it doesn't happen again. Also, check if you see any suspicious activity in cloudtrail.

Have MFA enabled on IAM users/roles for an additional layer of protection.

Hope it helps.

This might help you https://repost.aws/knowledge-center/potential-account-compromise

If the root account email address has been changed to something that you don't have access to, and you now cannot get into your AWS account at all, this is the best way of getting in touch with AWS Support https://support.aws.amazon.com/#/contacts/aws-account-support/

The sooner you get this reported to AWS the sooner they can start to help you regain access to your account.

Make sure you click the checkbox Is this request related to an unauthorized email change?

Your debit card details won't be available to anybody that has access to your account (the last four digits of the card number and the expiry date, but that's all). So nobody should be able to get your card details and then go on a spending spree.

Just out of interest, the credentials that you've used to login to re:Post to ask this question. Are they related at all to the account that has been compromised?