How My Amazon Account Was Hacked

How My Amazon Account Was Hacked and how I recovered
How My Amazon Account Was Hacked and how I recovered

I receive a lot of emails from Amazon.com since my wife and I both buy stuff using the same account.  When I got up this morning I had an email from them apologizing because they disconnected a chat session with them because the chat was left idle.  That wasn’t the case and this is the story of how my Amazon account was hacked…

How My Amazon Account Was Hacked

I had opened a Amazon Associates support window by accident yesterday and assumed that somehow it was because of that.  This is the email I received:

Email apologizing for closing idle chat

Later that morning I received another email that I assumed was connected with the one above and dismissed that one too:

Amazon.com customer service email thanking me for contacting them

When I got out of an all-morning meeting I noticed the following 2 emails and I got really concerned:

Amazon.com email showing the address had been changed

I have never seen that address in Ohio above and I knew that neither my wife nor I had placed that order.  I had purchased that scanner though.  I was very concerned at this point so I quickly logged into my Amazon.com account and cancelled the order:

 

 

 

I was confused because I couldn’t figure out why I wasn’t being charged for this fraudulent order.  I searched Google for the shipping address and discovered that the address is for an international freight forwarding company called ws1.com.

Although I don’t know how the person got my amazon.com password I do know what happened:

Step 1: They logged into my amazon.com account.

Step 2: The looked through my previous purchases, looking for the most expensive item.

It was a Epson Perfection V700 Scanner.

Step 3: They initiated a chat session with Amazon.com support and claimed that the item never arrived.

This is even despite the fact that the UPS tracking number associated with the shipment shows that it was delivered and that was two months ago (and I hadn’t complained in the two months).

Step 4: Amazon.com set up a replacement order for the scanner.

Step 5: The hacker logged back into my amazon.com account and changed the shipping address to the international freight forwarding company address and suite number:

The hacker’s fraudulent address

Step 5: I was alerted by the emails.

I  quickly cancelled the shipment and contacted Amazon.com and changed my Amazon.com password.

Step 6: I tracked down the address to a company called ws1.com.

They were nice when I talked to them and, although they wouldn’t tell me the name of the person whose account that suite was associated with, they did tell me that the account was new (still in the free trial period), it was associated with someone in the Middle East (Jordan, to be specific), and they were going to cancel the account right away.  They attempted to call the number they had on file but it just rang and no one answered.

Step 7: I wanted to poke around in my Amazon.com account to see if the hacker had changed anything else.

But when I went to log in, it rejected my newly changed password?!?!  That really spooked me, let me tell you.  I had to click the “lost my password” link to get in.  Then, about 15 minutes later I received an email from Amazon.com saying they had reset my password.  That must have been what was going on and I tried logging in before they could send me an email telling me about it:

The “little late” password reset notification I received from amazon.com

Step 8: I received this email from Amazon.com, essentially admitting there’s a problem going on:

Email from Amazon.com admitting “The situation you described requires further research.”

It’s a war out there people.  I have email 2-factor authentication turned on, so the person couldn’t stop me from receiving the emails so that is probably what saved me more damage.  I also have unique passwords for all my accounts, which I strongly recommend.  I have not a clue how they got my Amazon.com password though.

Amazon Associate Disclosure: As an Amazon Associate I earn from qualifying purchases. This means if you click on an affiliate link and purchase the item, I will receive an affiliate commission. The price of the item is the same whether it is an affiliate link or not. Regardless, I only recommend products or services I believe will add value to Share Your Repair readers. By using the affiliate links, you are helping support Share Your Repair, and I genuinely appreciate your support.

Tags from the story
, , , ,
Written By
More from John Mueller
How to Program a Ritetemp Model 8050 Thermostat
I figured out how to program a Ritetemp Model 8050 Thermostat and...
Read More

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *