Amazon accounts can be hacked by a variety of approaches, such as phishing, malware, and compromised credentials. It’s also possible that your account was exposed in a data breach — though there have been very few Amazon data breaches in recent years.
If your Amazon account was hacked, here’s how it may have happened, as well as what to do about it.
5 Ways Your Amazon Account Can Be Broken Into
One of the most common ways an Amazon account is broken into is through phishing. Hackers create fake emails designed to resemble genuine messages from Amazon. Those emails contain links that don’t direct you to the Amazon site. Instead, they send you to a malicious copy of the login page, and when you enter your login credentials, you’re handing that information over to the attacker, not Amazon.
Once your login data is captured, the hackers can use it themselves, sell it to others, or post it on the dark web. In any of those cases, someone else can gain access to your account. And when they do, they can potentially make purchases, change passwords, access connected streaming services, and more.
A keylogger – also known as a keystroke logger – is a type of malicious software that allows a third-party to record every keystroke you make. It’s a type of spyware and often ends up on a computer after clicking a malicious link while online or in an email or by clicking infected attachments in emails, messenger messages, or similar locations.
Once a keylogger is in place, the attacker can capture a wide array of login credentials depending on your activity. If you head to Amazon and log in while a keylogger is active, the hacker can identify your password based on the keystroke logs the malicious software creates.
3. Someone You Know
The people in your life often know you best, which could allow them to guess the password on your Amazon account. Additionally, family members and friends may have access to your connected devices, allowing them to perform certain actions on your account even if they don’t have your password.
4. Amazon Breach
If Amazon suffers a breach that compromises user login information – such as email addresses and passwords – that information makes you vulnerable to a hack. The attacker could use the login credentials themselves, may sell them to others, or might openly post them on the dark web.
Among the various options, this one is the least likely. Amazon data breaches are rare, and there aren’t any major incidents involving user credentials. However, it’s technically a possibility.
Generally, if there’s a data breach, information will spread quickly once people are aware of the event. Companies are required to inform users if their data is compromised within a specific timeframe, so you’d likely receive an email from Amazon about the incident if you’re identified among the accounts involved. Additionally, news articles usually pop up in short order.
5. Breaches Elsewhere
While Amazon has an excellent track record when it comes to securing customer login credentials, not all companies perform as well in this arena. In 2021, there were 1,862 known data breaches, representing a 68 % increase over 2020’s figures.
Many would assume that data breaches at other companies they do business with won’t impact their accounts at Amazon. However, if you rely on the same login credentials to secure multiple accounts, you’re at risk of a hack.
Many hackers and login purchasers will attempt to use any login credentials they gather at multiple sites, including popular retailers, streaming services, and banks. As a result, they may try to use login information collected through a breach to access Amazon accounts even if the credentials aren’t known to work on Amazon. Essentially, they’re hoping they’ll get lucky, and since so many people reuse email and password combinations, they are successful more often than you’d expect.
What to Do If Your Amazon Account Is Hacked
1. Change Your Password Immediately
If you see suspicious activity on your Amazon account, the first step you need to take is to change your password. Log into the site, head to Accounts & Lists, go to Your Account, and then move to Login & Security. Choose a new password that’s complex and not used elsewhere.
If the hacker changes your password, you might need to reset your password to regain access to your account. However, if the attacker changed the associated email address too, you’ll need to call Amazon for assistance. You can use the main customer service line at 888-280-4331, which is available 24/7.
2. Turn on Two-Step Verification
Two-step verification limits access to your account by requiring an additional code to log in to your account from unfamiliar devices. You choose a mobile number to receive the code. Then, when a new device tries to log in to your account, it automatically triggers the code delivery process, sending the number as a text message.
With two-step verification, your password alone isn’t enough to get into your account. Plus, unexpected codes show you that someone else may be trying to gain access, letting you know that your other login credentials are potentially compromised.
3. Audit Your Account
After making the changes above, spend time auditing your account. Look for unauthorized purchases or account detail changes, such as new shipping addresses, phone numbers, or emails. Make sure you review any archived orders, as hackers may archive an order to make it less visible.
If you find anything suspicious, screen capture it before changing the data. Then, you can contact Amazon directly to discuss the breach.
4. Review Your Connected Card Data
After handling your Amazon account, log into your connected card accounts to look for unauthorized charges. If a hacker made a purchase using your card, it will show in your transaction list. By looking quickly, you’ll have an easier time disputing the charges.