So you've been hacked, if it's Amazon don't Panic, things can get resolved quickly if you have contacts to hand!
I was out of the country at the time but it turned out that the time-zone I was in happened to be close to the attackers so I was just as awake as they were. Fortunately, I had set up an unusual activity "snitch" that triggered an alert on any unexpected changes for our online accounts. The inbox relayed an Amazon fraud message header via SMS so I was able to log in and immediately see the activity. Clearly the hackers had somehow acquired our ID, password and credit card details!!
They must have been in mid-takeover as I was able to still log in to my Amazon account at about the same time as the perpetrators were ordering stuff, meanwhile they "slightly" altered the email address (adding just one extra letter) the recovery phone number had been removed (which was the trigger for my alerts).
I was suddenly unable to authenticate to make account changes myself but I noticed a couple of smaller "presumably test" orders had been completed and were being processed to some dead-drop address. They had also signed the account up for Amazon Prime to expedite shipments. I noticed that numerous expensive items were being rapidly added to the cart, interestingly since I was technically still logged on, I could just as quickly remove them. I think they figured I was on to them and the activity stopped. At the same time, via numbers in my emergency preparedness contact list I was able to connect with the Amazon account fraud folks who then froze the access and cancelled all pending orders, and reset Amazon Prime.
This turned out to be an opportune time as we were about to get a new credit card number anyway - perhaps this may have been a last-minute attempt by the hackers to harvest some soon-to-expire cards?
The Interesting process determining "how" this happened, the culprit appears to have been an Eastern European hacker-ring leveraging a suspected significant credential leak. We did receive a notice a few days later of a breach from a source that also happened to be an Amazon Payment partner we had used :(
All is OK - new credit card, stronger passwords, more and better alerts! Still could do better but good enough for now!!
As for the breach alert - hmmm, a day late and a dollar short as they say!! Kudos to Amazon for being on the ball and freezing the account until things were reset.
I was out of the country at the time but it turned out that the time-zone I was in happened to be close to the attackers so I was just as awake as they were. Fortunately, I had set up an unusual activity "snitch" that triggered an alert on any unexpected changes for our online accounts. The inbox relayed an Amazon fraud message header via SMS so I was able to log in and immediately see the activity. Clearly the hackers had somehow acquired our ID, password and credit card details!!
They must have been in mid-takeover as I was able to still log in to my Amazon account at about the same time as the perpetrators were ordering stuff, meanwhile they "slightly" altered the email address (adding just one extra letter) the recovery phone number had been removed (which was the trigger for my alerts).
I was suddenly unable to authenticate to make account changes myself but I noticed a couple of smaller "presumably test" orders had been completed and were being processed to some dead-drop address. They had also signed the account up for Amazon Prime to expedite shipments. I noticed that numerous expensive items were being rapidly added to the cart, interestingly since I was technically still logged on, I could just as quickly remove them. I think they figured I was on to them and the activity stopped. At the same time, via numbers in my emergency preparedness contact list I was able to connect with the Amazon account fraud folks who then froze the access and cancelled all pending orders, and reset Amazon Prime.
This turned out to be an opportune time as we were about to get a new credit card number anyway - perhaps this may have been a last-minute attempt by the hackers to harvest some soon-to-expire cards?
The Interesting process determining "how" this happened, the culprit appears to have been an Eastern European hacker-ring leveraging a suspected significant credential leak. We did receive a notice a few days later of a breach from a source that also happened to be an Amazon Payment partner we had used :(
All is OK - new credit card, stronger passwords, more and better alerts! Still could do better but good enough for now!!
As for the breach alert - hmmm, a day late and a dollar short as they say!! Kudos to Amazon for being on the ball and freezing the account until things were reset.