Seller Forums
Seller_zudFhTXLIW8Pa

Account compromised even with 2 FA active

Over the bank holiday weekend somehow, the 2FA on my seller account was deactivated, and my account was accessed. I didn’t get any texts or emails saying 2FA was disabled, or providing one-time passwords.

Within a few hours Amazon did block access to the account, and reverted all the changes made, and luckily nothing has been lost. I’m back in, and everything looks normal, so that is a relief. However, I have no idea how someone can turn off my 2FA, and how I don’t get any notifications that this has happened.

For what it’s worth, my email account is secured with 2FA, and I haven’t done anything with my phone out of the ordinary (not downloaded a new app in months, for example). The PC is used solely for work, and a thorough scan hasn’t found anything malicious.

So my question is, how could this happen in the first place, and how can things change without any notifications coming through to my phone/email? Has anyone seen anything like this before?

Tags: Account Health, Deactivated
Seller_esvgLzKXw2YAl

The obvious thing is that you have clicked on a link in an email that has led to this.
There are many, many phishing emails out there that look quite real.

It’s extremely unlikely that your account was hacked directly.

Seller_DTufFoxJuMU0M

To be fair, with Amazon sending out so many emails, all with multiple links in them and many even saying ‘click this link for more information’! It’s amazing not more people get hacked.

Seller_ZQyopdiwkUHOZ

The simplest explanation would be if you’d logged in on a publicly accessible computer or device and left it logged in afterwards.

Seller_zudFhTXLIW8Pa

Thanks for all the replies. Typically we don’t click links in emails from Amazon (or those that try to look like it). Obviously, it could have happened by accident, but the odds are low.

We also don’t log in from publicly accessible devices.

Even if someone did have access to our account, how could 2FA be turned off without any notifications being sent through to either my phone or email? This is the part that doesn’t make sense to me.

The whole point of 2FA is that only someone with my device can log in. How can it be turned off? Been racking my brain trying to work out how this could have happened, but the only thing I can think of is that there is an issue internally with Amazon…

Seller_zudFhTXLIW8Pa

Thanks for the reply @PeterB

It’s not impossible, but feels extremely unlikely. We did a ‘log out of all sessions’ on Seller Central, changed email and password and changed phone number on the account. Still we had an email advising our account had been accessed via an unauthorised user.

Oddly enough, it is always 11:45am (give or take 5 mins), each of the 3 times it has happened.

Seller_vtSzvxtW9StxE

Might find this silly, but have you recently changed your bank account and credit card on file - both?

Reason for asking is, last year I changed both the things and my account was blocked like you explained, and with messages like unauthorised access etc.

Later it was explained by the account health team that it was done as a precaution by the system itself when it detected a change in bank account and cc within 24 hours.

Seller_W3X7ltbdEm2Dq

Wouldn’t it be lovely if Amazon personalised all our emails, a bit like eBay or your bank does, so it’s miles easier to potentially spot a dodgy email.
The standard ‘dear seller’ is a bit easy to copy, and I find it a bit demeaning too. At least use my name!

Julia_Amzn

Hello @THC,

Thank you for flagging this situation.

I am sharing an “Identifying false (spoofed) emails” help page, where you will find a guide on how to report suspicious communication.

Please feel free to contact me if you have more questions.

Stay safe everyone!
Julia.

Seller_zudFhTXLIW8Pa

So for what it’s worth, we did several antivirus scans with various programs and nothing came up. Having done a full Windows re-install seems to have solved the issue though, for now.

We still haven’t identified how anything managed to get onto the PCs, but it does look like it was some malware.

Seller_LKjg1QRrO36Yq

This might be a stupid question, but how do you know that 2FA was deactivated?

Also, what sort of 2FA do you use? Is it via another physical device[s] or via an app?

*just to add, a full Windows re-install seems a bit extreme!
