
Amazon major accounts breach - yq
Multiple Amazon account has been hacked.<p>I received an email with title: &quot;Updated Language Settings&quot; from auto-confirm@amazon.de:<p>You have successfully changed your default language for browsing, shopping and receiving communications from Amazon.de to &quot;English&quot;.<p>Follow by second Email:<p>Thanks for visiting Amazon.de! Per your request, we have changed the e-mail address associated with your account<p>The e-mail address associated with your account has been changed. The old address was my_email_address@gmail.com. The new address is aefjlkse@mail.ru.<p>Checked on Twitter and Reddit, seems it happened April 2017, and people start reporting this issue once again on Sep 1, 2017.<p>The amazon account associated with the email is no longer able to access through amazon.com.<p>https:&#x2F;&#x2F;twitter.com&#x2F;search?q=amazon%20account%20hacked<p>https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;amazon&#x2F;comments&#x2F;6xom2j&#x2F;amazon_account_hacked&#x2F;
======
graystevens
Rather than a direct breach of Amazon, I suspect this has been a successfully
credential stuffing attack.

Credential stuffing/washing is taking a dump from a previous breach, such as
those listed on 'haveibeenpwned.com', and trying them against a whole host of
websites. This often works wonders as people re-use the same password
elsewhere.

This is different to what people refer to as 'brute forcing' an account, where
they would target one specific account and try multiple passwords. This is
easy to pick up and block. However credential stuffing on an individual user
level is less obvious. You could look at login attempts per IP, but they often
utilise open proxies or Tor to help being detected.

Was your password unique to your Amazon account? And by unique I mean no re-
used terms and tweaking just the numbers at the end etc. e.g. hunter2,
hunter2017

~~~
yq
There are more post on social media about the breach now. There was no
interaction with Amazon.com at all, I tried to login Amazon.com minutes after
receiving these two emails. The result shows the account does not exist on
Amazon.com anymore. Again, didn't click any link, it just happened.

>This often works wonders as people re-use the same password elsewhere. Was
your password unique to your Amazon account?

I really doubt it. The way password managed and password used on this Amazon
account is HackerNews approved.

