Shopping Discussion

Unusual amazon account activity

  • Last Updated:
  • Sep 3rd, 2020 3:10 pm
[OP]
Deal Addict
Apr 13, 2017
1591 posts
707 upvotes
GTA

Unusual amazon account activity

Few weeks ago, got an email that mobile number has been deleted from amazon uk account (I never signed up for amazon uk). One more email that there was a sign in attempt from Washington DC.

Reset my password, removed my payment methods.

Yesterday got email that there was an order placed from my amazon.ca account, followed by email that my account has been locked and that I would need to reset my password.

Checked my account- no orders, charges to my credit card etc (I had removed all my credit cards).

Anyone also had similar unusual activity? I’m pretty much done with amazon. I set a super strong password and have 2 factor authentication, but still hacked.
18 replies
Deal Addict
Jun 13, 2010
2958 posts
2885 upvotes
GTA
engineered wrote: Are you sure those emails are actually from Amazon and not phishing emails?
This. Has nothing to do with your Amazon account, they just want you to click on the link in the email. I've had "payment failed" emails from "Netflix" to an email I didn't use for Netflix, Paypal problem emails and I don't use Paypal. I even had messages for problems with my account from banks I've never used.
Sr. Member
Nov 23, 2004
642 posts
988 upvotes
Ontario
You've been phished my friend.

Anywhere else you use that email or password I would also be going and resetting because they now have that particular email+password combination known, and likely also being published/sold among all sorts of illegitimate groups out there now too.
[OP]
Deal Addict
Apr 13, 2017
1591 posts
707 upvotes
GTA
Not phishing. They are legit amazon emails. I used unique password for amazon that was never used elsewhere.
Deal Addict
Jun 13, 2010
2958 posts
2885 upvotes
GTA
headleygrange wrote: Not phishing. They are legit amazon emails. I used unique password for amazon that was never used elsewhere.
How can they be legit if you never signed up for the UK? Call Amazon, they will tell you if they are real or not.
[OP]
Deal Addict
Apr 13, 2017
1591 posts
707 upvotes
GTA
Called amazon. Apparently, someone hacked my account, added payment information (not my card) and sent a package to my address.

Weird.

Anyways, they canceled order, payment method etc. I had 2 factor authentication set always on, but somehow they were able to skip that.
Deal Fanatic
Jul 7, 2003
7234 posts
2027 upvotes
T dot 6
headleygrange wrote: I had 2 factor authentication set always on
Thanks, I didn't even realize amazon.ca supported 2FA
stubhub and clearly.ca suck, like really suck
Deal Fanatic
Jul 7, 2003
7234 posts
2027 upvotes
T dot 6
headleygrange wrote: I had 2 factor authentication set always on, but somehow they were able to skip that.
I'm curious, did you use SMS or Authenticator app for 2FA?

I read SMS is not a secure method for 2FA, it's better than no 2FA but phone numbers can be spoofed.
stubhub and clearly.ca suck, like really suck
[OP]
Deal Addict
Apr 13, 2017
1591 posts
707 upvotes
GTA
Jaytee wrote: I'm curious, did you use SMS or Authenticator app for 2FA?

I read SMS is not a secure method for 2FA, it's better than no 2FA but phone numbers can be spoofed.
SMS.
Deal Addict
Jun 13, 2010
2958 posts
2885 upvotes
GTA
headleygrange wrote: Called amazon. Apparently, someone hacked my account, added payment information (not my card) and sent a package to my address.

Weird.

Anyways, they canceled order, payment method etc. I had 2 factor authentication set always on, but somehow they were able to skip that.
Weird. Don't see what the hacker gets out of it shipping something to your address.
Deal Expert
Aug 18, 2005
19934 posts
4520 upvotes
Burlington-Hamilton
This kind of thing is why I create a unique e-mail for each service I use. It's a hassle to set up, but you can shoot down scam attempts really fast.
Deal Expert
Jan 17, 2009
18713 posts
26941 upvotes
ONTARIO
Jaytee wrote: Thanks, I didn't even realize amazon.ca supported 2FA
I use the Google Authenticator app as my 2FA on Amazon and it works great.
I wish every website would add support for this! Especially banking websites like TD.
Sr. Member
Sep 24, 2004
777 posts
356 upvotes
Scarborough
BobSagget wrote: I use the Google Authenticator app as my 2FA on Amazon and it works great.
I wish every website would add support for this! Especially banking websites like TD.
Didn't know Amazon supported Google Authenticator.

Thanks for the tip.
Deal Expert
Aug 18, 2005
19934 posts
4520 upvotes
Burlington-Hamilton
BobSagget wrote: I use the Google Authenticator app as my 2FA on Amazon and it works great.
I wish every website would add support for this! Especially banking websites like TD.
Has amazon updated now so that you can exclusively use Google Authenticator, etc., without having a phone number backup?

This is the whole reason I didn't enable 2FA on Amazon. I don't want my phone provider to be the weakest link.
What if there were no hypothetical questions?
[OP]
Deal Addict
Apr 13, 2017
1591 posts
707 upvotes
GTA
So, only keep the authenticator app, but not use any backup method?
Deal Expert
Jan 17, 2009
18713 posts
26941 upvotes
ONTARIO
Jucius Maximus wrote: Has amazon updated now so that you can exclusively use Google Authenticator, etc., without having a phone number backup?

This is the whole reason I didn't enable 2FA on Amazon. I don't want my phone provider to be the weakest link.
Yes, I think so. It's been a few months now since I set it up but I don't remember needing any phone number backup when I enabled it.
Deal Expert
Jan 17, 2009
18713 posts
26941 upvotes
ONTARIO
Jucius Maximus wrote: Has amazon updated now so that you can exclusively use Google Authenticator, etc., without having a phone number backup?

This is the whole reason I didn't enable 2FA on Amazon. I don't want my phone provider to be the weakest link.
Yes, I just verified again that a phone number backup is not required.

Deal Expert
Aug 18, 2005
19934 posts
4520 upvotes
Burlington-Hamilton
BobSagget wrote: Yes, I think so. It's been a few months now since I set it up but I don't remember needing any phone number backup when I enabled it.
You're right. Thanks, I have it set up now!!
headleygrange wrote: So, only keep the authenticator app, but not use any backup method?
That's what I do. But it's dicey. You have to be confident in your own ability to recover from data loss and phone loss.
A good way to do this is to save all of those 2FA QR codes into an encrypted password manager.
And you should be doubly sure you regularly back up that password manager's database. Otherwise you could be in for a big headache if you experience data loss.
What if there were no hypothetical questions?