Was Your Amazon Account Hacked? Act Quickly!
With more than 300 million active users around the globe, Amazon has become a massive target for hackers and scammers who want access to your account — and your stored financial and personal details.
Unfortunately, even if you do everything possible to secure your Amazon account, it can still be at risk.
Just last year, personal information from over 14 million Amazon and eBay accounts was stolen and leaked to the Dark Web [*].
Fraudsters know the high value of Amazon account access, and they will do anything they can to break into your account.
In this guide, we’ll explain how hackers can take over your Amazon account, the warning signs to look out for, and how to recover and secure a hacked Amazon account.
What Can Happen If Your Amazon Account Gets Hacked?
If cybercriminals break into your Amazon account, they can order items under your name and access your complete account information — including your financial and personal data.
Hackers have numerous ways to target your account — from phishing emails and texts to more sophisticated cyberattacks and scams, such as fake websites and fraudulent Amazon support agents offering their “services” on social media.
Here are some of the worst consequences that can ensue if scammers gain access to your Amazon account:
- You could lose access to your Amazon account. Once scammers have access to your Amazon account, they’ll likely change the email account and Amazon password that you use for logging in — which would lock you out completely.
- Scammers can make purchases by using your payment details. Hackers can also place orders and ship them to any destination they want. In many cases, they may archive these fraudulent purchases to hide them from your order history.
- Fraudsters could use your account for a “brushing” scam. Brushing scams involve sellers sending unordered items to Amazon users so that the sellers can boost their metrics and reviews. Fraudsters who have your account details can participate in this scam by ordering and reviewing items in your name.
- Your account details could be used to steal your identity or scam you. Your Amazon account includes your name, phone number, and shipping addresses, along with your order information. This gives fraudsters plenty of ammunition to pull you into one of their many Amazon scams.
How To Tell If Your Amazon Account Has Been Hacked
- You can’t log in to your Amazon account. This is the most obvious warning sign that your account has been hacked. In an account takeover, scammers break in and lock you out, giving them full access to your Amazon account and any or your linked credit cards or financial accounts.
- You receive an Amazon package you didn’t order. In an Amazon brushing scam, sellers hack accounts and send packages to falsify their Amazon store’s sales numbers and star ratings. If you receive an Amazon package you didn’t order, it could indicate your account has been hacked or your information has been used to create a fake account.
- Someone has changed your address, email, or contact details. If your Amazon contact information has been changed, someone has already gained access to your account. Since you weren't locked out, you might have interrupted an account takeover.
- There are purchases you don’t recognize in your order history. Unfamiliar orders in your history indicate that someone has access to your account. You might also see unauthorized purchases in "your payments."
- You receive strange notifications (password reset requests, changes to account details, etc.). Requests for password resets and account changes generate notifications that are sent to the contact information on file. If you receive an uninitiated request, someone could be trying to break into your account.
- Someone has left product reviews by using your name and account. If you see a product review that you didn't submit, this typically means that someone has used your account in a fraudulent review scam. Unfamiliar messages in the Amazon Message Center reflect another warning sign.
- Other suspicious activity. Scammers may have access to your account and information but want to keep it secret by not ordering or reviewing anything. However, seeing unfamiliar products in your browsing history might tip you off that someone else has used your account.
The bottom line: A hacked Amazon account can lead to financial fraud, identity theft, and further scams. If you see any warning signs indicating that your Amazon account has been hacked, act quickly to secure your account — and yourself. For added security, consider signing up for an identity theft and scam protection service.
How To Recover a Hacked Amazon Account
- Ensure that your device is not hacked or compromised
- Request a password reset for your Amazon account
- Enable or update two- or multi-factor authentication (2FA/MFA)
- Set up Amazon’s “Secure Your Account” feature
- Review your account details for any changes
- Check your purchase history, and report unauthorized charges
- Unlink any stored credit cards or saved payment details
- Scan the Dark Web for your personal information
- Update your passwords on other online accounts
- Consider signing up for a digital security provider
If you know or suspect your Amazon account was hacked, quick action can save you time and money. Here’s how to recover from a hack and regain control of your Amazon account:
1. Ensure that your device is not hacked or compromised
If your device has been compromised, simply recovering your Amazon account won't solve the problem, as the hackers can just retake control of the account. Before doing anything, you first need to clean out and secure your device.
Here’s what to do:
- Look for unusual behavior. Your device may demonstrate warning signs when something's wrong, such as overheating or slowing down. You might also notice changes to your home screen or browser. Use the Windows task manager or Apple activity monitor to spot any unusual processes running in the background.
- Use an antivirus scanner and removal tool. Perform an antivirus scan to quarantine and remove infected programs and files. Additionally, you can use antivirus software to scan and block malicious files and websites in real-time.
2. Request a password reset for your Amazon account
If someone has gained access to your account, you should assume that your password is compromised. You'll need to create a new password as soon as possible.
Here’s what to do:
- Use the password reset page. Follow the provided steps on Amazon's Reset Your Password page. Amazon will send a one-time authentication passcode to whatever phone number or email address you use for account verification. You can then create a new, unique password that combines words, numbers, and symbols.
- Call customer support. If you try to reset your password, but the verification methods on file don't work, you may need to call Amazon directly at 1-800-388-5512.
Need more help? Check out Amazon’s Account & Login Issues page for more details on how to reset your Amazon password.
3. Enable or update two- or multi-factor authentication (2FA/MFA)
Two- or multi-factor authentication (2FA or MFA) adds an additional layer of security to your Amazon account by requiring a secondary authentication method along with your password — for example, a one-time-use code sent to your phone or an authenticator app. Once you regain access to your Amazon account, you should set up 2FA immediately.
Here’s what to do:
- Set up two-step verification. On the Login & Security page, navigate to Two-Step and then click on Edit and Get Started. You can then choose to use an authenticator app or a phone number through which to receive your one-time passwords. For the strongest security, we recommend using an authenticator app like Authy.
- Recover account after two-step verification fails. If hackers changed your two-step verification process, you'll need Amazon's help to recover your account. Visit the Two-Step Verification Account Recovery page and follow the steps listed. You may need to provide government identification to prove your identity.
💡 Related: How Does Two-Factor Authentication Work? →
4. Set up Amazon’s “Secure Your Account” feature
Amazon's Secure Your Account feature lets you monitor (and get notified about) all account sign-ins. If you don't recognize the sign-in activity, you can deny it and instantly log out the intruder. You can also log out of all devices at once, giving you time to make account changes.
Here’s what to do:
- Set up a primary mobile number. Add a primary mobile number on the Login & Security page to receive text messages whenever Amazon detects a suspicious login.
- Report a compromised account. Click Compromised Account? on the Login & Security page to edit your email and login settings, and to log out of your account on every device.
5. Review your account details for any changes
When scammers get access to your account, they often alter your settings or contact information to make it harder for you to regain access. If fraudsters changed your account details, they might be able to reclaim your account or continue using services even after you have booted them.
Here’s what to do:
- Check your profile and contact information. Go through your profile to make sure your name and settings haven't changed. Next, navigate to the Login & Security page and check under Your Addresses to ensure that all of your contact details and verification methods are in your name.
- Look at Amazon Prime devices. Go into Content and Devices settings to make sure you recognize all devices that have your Amazon accounts installed on them. Remove any device you don’t recognize.
6. Check your purchase history, and report unauthorized charges
Amazon customer service can help you get to the bottom of unauthorized purchases or account changes. As soon as you suspect someone has tampered with your account, contact Amazon customer support and share the issue with them.
Here’s what to do:
- Look at previous purchases. You can find past orders in two main places: Your Orders and Your Payments (under Transactions). You might also spot previous orders in your Archived orders, which you can find near the bottom of the Account page.
- Report unauthorized activity. Visit Amazon's Security & Privacy section, and select Report Something Suspicious. Select the appropriate option for your situation, such as what type of information you accidentally shared with scammers. You should also provide details of any contact you had with the scammer for Amazon to investigate. You can help others avoid similar scenarios by reporting any phishing scam at email@example.com.
💡 Related: How To Identify Amazon Email Scams →
7. Unlink any stored credit cards or saved payment details
Storing credit cards and payment details on your Amazon account makes it convenient when you're shopping — but also creates more vulnerabilities for hackers to exploit. You're better off removing any saved payment methods on your account and entering them manually each time you make a purchase.
Here’s what to do:
- Edit cards in your wallet. Go into Your Payments on the Account page, and remove each of the cards in your wallet by editing them and clicking on Remove From Wallet.
- Disable 1-click settings. Near the bottom of the account page, you will find 1-Click Settings under Ordering and Shopping Preferences. Click on Disable to remove the feature.
8. Scan the Dark Web for your personal information
If scammers got into your Amazon account, they can sell or trade your stolen personal information and account details on the Dark Web. This puts you at risk of being targeted for numerous other scams and cyberattacks.
Here’s what to do:
- Scan the Dark Web for free. Use Aura's free Dark Web scanner to check if your email address or passwords are circulating on the Dark Web. You can also learn if they were leaked in a breach and what other information might have been revealed.
- Consider identity theft monitoring. Aura monitors your most sensitive information — including passwords, personal information, and even your Social Security number (SSN) — across the Dark Web, data breaches, public records, and more. If anything is found, you’ll be alerted in near real-time and can get help shutting down scammers before they can do too much damage. You can try Aura free for 14 days and find out if your information is at risk.
💡 Related: What Is Dark Web Monitoring? Do You Need It? →
9. Update your passwords on other online accounts
A Google study found that more than 50% of people reuse passwords across accounts [*]. If you're part of that group, a hacked Amazon account can quickly turn into a hacked Google, Walmart, or Microsoft account.
Here’s what to do:
- Check your account passwords. If your Amazon password was compromised and you use it anywhere else, change it as soon as you can. Google and iOS both show you where else your passwords are being used.
- Consider a password manager. A strong password manager helps you manage all your unique and complex passwords. The password manager included with every Aura plan can even alert you if one of your passwords is too weak or has been compromised.
💡 Related: How Hackers Get Passwords (and How To Protect Yours) →
10. Consider signing up for a digital security service
Digital security providers help prevent hacking, monitor your online and financial accounts for signs of fraud, and offer support and insurance to help you recover from the consequences of identity theft.
Here’s what you get with Aura:
- Award-winning identity theft protection. Aura monitors and safeguards your most sensitive personal information. Aura’s identity theft protection has been rated #1 by Money.com, Forbes, USNews.com, and more.
- Three-bureau credit monitoring with the industry’s fastest fraud alerts. Aura also monitors your credit report for new activity — such as if a scammer has opened a new account or is trying to take out a loan in your name. Aura’s fraud alerts are up to 250x faster than competing services3.
- Artificial intelligence (AI)-powered scam protection and digital security. Every Aura account comes with a full suite of cutting edge digital security tools to protect you against hackers. This includes powerful antivirus software, a military-grade virtual private network (VPN), online privacy tools, and even AI-powered scam call and text protection.
- 24/7 White Glove Fraud Resolution and $1 million identity theft insurance. If the worst should happen, Aura has your back with dedicated U.S.-based support agents who are available 24/7 — as well as a $1 million insurance policy covering eligible losses due to identity theft for every adult on your plan.
How To Protect Your Amazon Account From Hackers
After recovering your Amazon account, you need to improve your digital security to make sure the same thing doesn't happen again.
Here’s what to do:
- Use strong and unique passwords. Avoid repeating passwords across accounts to limit the damage. Create unique and strong passwords by combining uppercase and lowercase letters, words, numbers, and symbols.
- Store your credentials in a secure password manager. A password manager helps you manage all of the unique passwords for your accounts without having to worry about remembering them. You can use the provided managers on Apple iPhones and other smartphones or opt for Aura's robust password manager, which alerts you if your passwords were involved in a data breach.
- Always enable two-factor authentication (2FA), ideally with an authenticator app. Two-step verification adds another step to the login process. In addition to a password, 2FA logins require a security code, which Amazon sends via text message.
- Make sure you have a valid secondary contact method. Along with your email address, Amazon allows you to input a primary mobile number to receive alerts about unusual account activity.
- Learn to spot the warning signs of Amazon phishing scams. Popular Amazon phishing scams include phone calls requesting personal information, fake refund notifications, fraudulent text messages, and imposter Amazon Prime websites. Never enter your information on a linked login page — or just avoid clicking on links altogether.
- Use a virtual private network (VPN) when using public Wi-Fi or unfamiliar networks. A secure VPN keeps your information encrypted and private even if you've unwittingly joined a compromised network.
- Don’t ignore device and software updates. Stay on a regular update schedule to ensure that your devices and software receive the latest security patches and fixes to any vulnerabilities.
- Secure your devices with antivirus and digital security tools. Antivirus software scans, quarantines, and removes malware and other viruses from your devices. Digital security features such as Safe Browsing tools block malicious websites and invasive ads and trackers.
- Consider monitoring your credit, bank, and online accounts. Aura can monitor your credit for you. For added safety, you can always request a free annual credit report at www.annualcreditreport.com to check for suspicious activity yourself.
The Bottom Line: Keep Your Online Accounts Safe and Secure
Amazon accounts attract plenty of attention from hackers. With so much of your valuable personal and financial information exposed, it is essential to have a solid security approach and setup in place to protect your identity and your money.
Managing your own digital security is a time-consuming, labor-intensive, and often nerve-wracking job. Aura's all-in-one solution gives you peace of mind with comprehensive digital security and top-of-class identity theft protection, credit monitoring, and the industry’s fastest alerts.
Aura makes life hard for hackers and scammers — and easier for you and your family with 24/7/365 support.