Amazon major accounts breach
Multiple Amazon account has been hacked.
I received an email with title: "Updated Language Settings" from auto-confirm@amazon.de:
You have successfully changed your default language for browsing, shopping and receiving communications from Amazon.de to "English".
Follow by second Email:
Thanks for visiting Amazon.de! Per your request, we have changed the e-mail address associated with your account
The e-mail address associated with your account has been changed. The old address was my_email_address@gmail.com. The new address is aefjlkse@mail.ru.
Checked on Twitter and Reddit, seems it happened April 2017, and people start reporting this issue once again on Sep 1, 2017.
The amazon account associated with the email is no longer able to access through amazon.com.
https://twitter.com/search?q=amazon%20account%20hacked
https://www.reddit.com/r/amazon/comments/6xom2j/amazon_account_hacked/ Rather than a direct breach of Amazon, I suspect this has been a successfully credential stuffing attack. Credential stuffing/washing is taking a dump from a previous breach, such as those listed on 'haveibeenpwned.com', and trying them against a whole host of websites. This often works wonders as people re-use the same password elsewhere. This is different to what people refer to as 'brute forcing' an account, where they would target one specific account and try multiple passwords. This is easy to pick up and block. However credential stuffing on an individual user level is less obvious. You could look at login attempts per IP, but they often utilise open proxies or Tor to help being detected. Was your password unique to your Amazon account? And by unique I mean no re-used terms and tweaking just the numbers at the end etc. e.g. hunter2, hunter2017 There are more post on social media about the breach now. There was no interaction with Amazon.com at all, I tried to login Amazon.com minutes after receiving these two emails. The result shows the account does not exist on Amazon.com anymore. Again, didn't click any link, it just happened. >This often works wonders as people re-use the same password elsewhere. Was your password unique to your Amazon account? I really doubt it. The way password managed and password used on this Amazon account is HackerNews approved.