[Emil]

twice in one week!

Both times I receive an email saying that my request to change my email was done.
As I try to log in, lo and behold, my email is now "haochan1855882@list.ru."
.ru? RUSSIANS!
Of course, I call I Amazon to report it and have it reset. Each time taking 2 business days to do so. They inform no purchases have been made.

I doubt this was a personal attack on me but more of an attack on Amazon. Unless I pissed off some Russian.

What do you think is going on here? How do they do it? What are they looking to get from my account?
Credit card info?

[Phil A]

You didn't by chance get one of those emails that an Amazon Gift card was waiting for you?  That's a common scam.  I actually use a couple of different emails.  One is more for personal use and gets used most of the time.  The other is for audio stuff and ordering and other than that it doesn't get used much.  I'll often see those scam email on my personal email (which is not used for audio or ordering like Amazon) and report them.  I also don't order anything, except on a rare occasion, from other than my PC at home on my own Network.

[wushuliu]

It’s important to change your passwords for all internet accounts regularly. That includes modems and routers. You have to assume that at some point in the last five years your information has been hacked. Because it has. Only now for instance has it been revealed that not some Yahoo accounts were hacked, but ALL of them. Ponder the sheer scope of that for a second. Name any major company online and odds are it has been hacked or ‘breached’ in the last five years. Act accordingly.

Also run antivirus scans and use spyware blockers for your browser.

[Branson4020]

Besides changing your password, enable two-factor authentication on Amazon.

[JakeJ]

To answer your question, Emil, they are after any info that will lead them to money.  How they do it I don't know but I absolutely believe the punishment for black hat hackers should be much, much more severe.  Much.

I guess this is as good a time as any to change all my website passwords as well.  I do thank you for posting this.

[brj]

Step 1:  Make absolutely sure that you change the password on your Amazon account and any other account that uses the same password.  (Make them different.)

Step 2:  I'd strongly recommend the use of a password manager to generate and store for future use a (very) strong, unique password for each website utilizing a login.


(The two-factor authentication recommendation is solid advice as well.)


I use 1Password across my various Apple devices, though with the updates to the native Mac password management capabilities that accompany Mojave OS update, I suspect I won't choose to pay for future updates to 1Password in favor of moving over to the Apple native system.

There are several good candidate password managers out there for all platforms, and many will work across all of your devices.  Very handy, and very secure.  (Password length is important.  I usually go for the longest passwords a given website will allow.  My passwords look like long strings of gibberish.)

[Elizabeth]

Fifty years ago if someone had told me I would one day need to remember stuff like G%72YsM44# I would have said they are crazy...
Now I know...
(and that was just made up and bears no similarity (or does it?) to any password I use.)
For me the main thing is useage. If I use the passwords several times a week, no problem with remembering and changing them.
At work we had an app I maybe used once every six months. The pass word HAD to be changed every six months, and had to be complicated, and never used again. For that account I never bothered. I emailed the IT guy and asked for a new password. Every time.

[Goosepond]

And I remember way back when, I didn't know what a password was. I must be really old! 

Gene

[Branson4020]

I'll reiterate what BRJ said.  Use a password manager.  They generate really strong passwords and you don't have to remember them (or even know what they are.)  I use the free version of LASTPASS and its wonderful.  I can have a different username & password for every site and it will even bug me to change them periodically.

[FullRangeMan]

I'll reiterate what BRJ said.  Use a password manager.  They generate really strong passwords and you don't have to remember them (or even know what they are.)  I use the free version of LASTPASS and its wonderful.  I can have a different username & password for every site and it will even bug me to change them periodically.

I will advice against passwords manager, instead store your passwords in a book near the computer and never access your bank account remotely by your PC, just in the bank terminal or cash machine.

Not inform the CC number to Amazon, pay Amazon with Paypal also will help alot.

[srb]

..... and never access your bank account remotely by your PC, just in the bank terminal or cash machine.

Most personal information security breaches are from the companies' servers being hacked.  Your personal information is stored there and it has little to do with whether you access your account online or have even set up an online account.

[FullRangeMan]

Most personal information security breaches are from the companies' servers being hacked.  Your personal information is stored there and it has little to do with whether you access your account online or have even set up an online account.

OTOH many data crawling are done on the internet providers that people use by employees who want to earn an extra income selling this info, if one do not access the bank they will not take any critical data.

[bluemeanies]

Bummer...and that's not to say that millions of people like myself have gone though the same frustrating nonsense you are dealing with Amazon.

I invested in 1password. It stores all logins and passwords and also generates STRONG PASSWORDS.

I have been hacked in FB and Amazon but I did not use the generated passwords. Since I have changed to strong generated passwords using 1Password I have not had a problem.

[Emil]

Thanks guys

Changed my password to a bunch of gibberish and numbers.

We'll see

[Emil]

Thanks guys

Changed my password to a bunch of gibberish and numbers.

We'll see

My account is compromised again! WTF?

This time I'll need to change my email address

[JohnR]

I will advice against passwords manager

Why is that?

[JohnR]

My account is compromised again! WTF?

This time I'll need to change my email address

Have you removed your credit cards from the account?

Is it possible that the computer you are logging in from is compromised?

[Emil]

Have you removed your credit cards from the account?

Is it possible that the computer you are logging in from is compromised?

Logged into from several computers.

Amazon assured me that no orders have been placed but I will check with my CC company today.
Only the last 4 digits of the CC card is visible in ones account. I would think that there must be another wall to breach to obtain access to all the numbers

I'm beginning to think this is more of a hack against Amazon than a hack against myself with the sole purpose to disrupt their business. I asked if they are seeing more of this hacking recently but they could not confirm or deny

[FullRangeMan]

Why is that?

All my passwords stored in a software just a step from being stoled put me nervous. I already have lost two gmails accounts in some years, so I shure a paper copy book safely near my PC will remain safe from web hazards.

[skunark]

If it happened twice in one week, it's more likely your computer has been compromised.   Not sure on your OS, i assume it's windows, but make sure you are current on all software and if you are running windows, run at least windows defender.  Delete applications that are not used or seldom used, make sure they are up to date too.

For TFA there's no real good option even though it is one of the best defenses we have.
TFA smartphone app - if you lose or break your phone, you have to have a copy of the onetime passcodes, if you change your phone that is also a problem
TFA text - If you use a cellular service for this, you can be open to a sim card hack - It's recommenced to use google voice since a sim card isn't used.  You can't lose your cell number either
Password managers - you have your eggs in one basket but at least the passwords are better.  Avoid password managers that use java or flash, the two most hacked products ever...

There is a rule at work for employees who interface with customers about keeping the minimum data for the shortest amount of time.  I try to apply that to everything now, i will even go back and delete my contact information on a website if I don't plan to order from them anytime soon.    When i have an insurance claim or visit a doctor, i keep asking how they plan to use that information and eventually say no.  If a lot more folks did that, i think they would get the picture.  It drives me crazy when a doctor's office wants to take a photo as i sign in, I'm pretty sure they just print it out for the doctor, but I find it extremely rude.

I'm now down to the point where I only store a CC on a few websites and try to use either PayPal or ApplePay both of which have more stringent security and is faster.