Tragic story – AWS hacked account

I ran into this situation earlier this year, minus the horrific personal tragedy, I hope he's in a better condition now, I'm deeply sorry about having to go through that.

I called AWS To deactivate my account in May of 2020 because I was going through some medical hardships and wouldn't be able to maintain anything on there for awhile and I wanted to double check that I wasn't going to keep getting charged if I forgot to manually turn something off. I thought all went well and it would be turned off, until I checked my bank around a few months ago and noticed I was still getting charged for AWS.

I spent 3 weeks trying to get support to why I was still getting charged and for much more than I had ever set uo, but they wouldn't tell me anything because none of my emails matched any accounts they had on record. I finally got a support person to slip when I told her the name of my company and she said it was similar to the email on file, but that it was a Gmail account. I've never made a Gmail account for my business and I was the only one that ever had access to the AWS account. I don't know how someone could have gotten into the account and changed the email, but I couldn't log in and the only thing I could do was have my credit card company cancel the charges (which could only go back 3 months) and prevent new charges. I'm still baffled about how this happened, but I've moved to GCP and will never go back, those 3 weeks were insanely frustrating.

I wanted to fight tooth and nail, just because I'm sick of ultra-large corps' ability to get away with stuff like this, but my wife was worried about Amazon's retaliation and not being able to use Amazon to buy things which is half the problem. I don't really have any advice, but maybe if enough people share their stories something will make it to a headline.

1. If you put credit card, do chargeback and put your card on hold. Do not accept payment unless your lawyer tell you to do so.

2. Hire a lawyer. Make sure lawyer is competent in objecting all collection agencies.

3. Make it go viral. Try to reach out community to make story around it, like https://twitter.com/quinnypig

traceroute66 · 4 years ago

> If you put credit card, do chargeback and put your card on hold.

I'm sorry, but this is poor advice.

As per the Visa website, definition of a chargeback:

     "A chargeback (otherwise known as a dispute) is a way for your bank that issued your card to reclaim money from the retailer’s bank when you do not get the goods or services you paid for, including if the retailer or supplier has gone out of business."

Therefore:

     - If the cardholder knowingly signed up to AWS, then this is not a vaild reason for a chargeback.
     - If the cardholder knowingly activated chargeable AWS services, then this is not a vaild reason for a chargeback.
     - If AWS delivered the activated chargeable AWS services as requested, then this is not a valid reason for a chargeback.
     - In AWS case, did the cardholder take sufficient steps to secure their account (most banks these days have a security clause in their agreements).

The correct and only way to solve this is through entering discussions with AWS. And, if you are insistent on spending money on lawyers, don't waste the lawyer's time on card chargebacks, get the lawyer to engage with AWS Legal instead.

Don't abuse / misuse credit card chargebacks. It only ends up making life more difficult for the rest of us because the only thing that will happen is banks and card issuers will make people jump through even more hoops to "prove it".

willcipriano · 4 years ago

AWS was defrauded into delivering services that the account holder did not request. Those services were not delivered to the account holder but instead the fraudster. Therefore a charge back is appropriate in order to "reclaim money from the retailer’s bank when you do not get the goods or services you paid for".

throwawayHN378 · 4 years ago

Except that, pragmatically, credit card companies will refund the money if they want to keep your business. The way to resolve this is whatever way returns your money. I don’t need to look out for your best interest when I’m fighting for money that’s owed to me. That’s a ridiculous statement

jakozaur · 4 years ago

Disagree, but if in doubt get a good lawyer and follow their advice instead of some strangers from the internet.

MichaelEstes · 4 years ago

actually_a_dog · 4 years ago

Email jeff@amazon.com. Although he's stepped back as president and CEO, I've heard that someone still monitors that email, and that serious issues get routed to a team that can actually take care of them.

It's worth a try, in any case, and it doesn't seem like you have much to lose, especially given their acknowledgement that your account was hacked.

cpach · 4 years ago

There is already some actionable advice in this thread – I would suggest that you also call a lawyer to talk it through and see what they have to say. They might be able to contact AWS on your behalf.

londons_explore · 4 years ago

As far as I know, AWS does not take debts to court.

Just remove the credit card from the account and let them suspend it indefinitely. Beware that you will lose anything you had stored on the account.

If you really need Amazon, set up a new account with a new email address, although I'd stay away from AWS.

krimbus · 4 years ago

I also recommend removing all payment methods and forgetting about Amazon.

Just make sure to store any emails and support protocols that indicate that the account was recognized as hacked. This will be important if you ever have to deal with the debt in mediation/court.

ashtadmir · 4 years ago

It would be helpful if you explain why you would stay away from aws.

Not paying a debt and walking away isn't a criminal offence.

Signing up again under a different name to continue using the service you have been banned from could be considered fraud by misrepresentation, which in most places is a fairly serious criminal offence (even though it is very unlikely to be prosecuted in this case).

rl1987 · 4 years ago

Cybercrime aside, AWS is almost always not worthwhile for small business or individual use. Issues like opaque billing, devops complexity and vendor lock-in go away immediately if you switch to Digital Ocean or one of the many simpler and cheaper cloud providers. Unless you are building something that is specific to AWS, relying on AWS as individual/small company is like buying enterprise router from Cisco or Fortinet for your home network - technically nothing is stopping you from doing so, but it's an overkill.

donkarma · 4 years ago

I would try to get a different support agent first and see if their tone changes

nouxious · 4 years ago

I had 6 agents in total. They were all tone deaf. It feels like I am corresponding with a bot.

hericium · 4 years ago

None of them wants to lose their job or benefits. It's easier to get rid of you by handling you to the next rep enough times to frustrate you. They won't get into trouble for not solving your issue - they did their jobs perfectly.

Financial harm is the single language Amazon understands. Let lawyers talk to Amazon and they most likely won't be thrown around between 1st line reps.

hvgk · 4 years ago

If it’s any consolation the enterprise support guys aren’t any better.

Threatening to move to Azure is about the only move that works.

staticautomatic · 4 years ago

I’d not pay and then sue if they took it to collections or counter sue if they took it to court.

njme · 4 years ago

Make it viral. This will definitely help. Wish you best luck in this case