Account been hacked two step bypassed


#1

Hi,
My account was hacked on Sunday. The person listed thousands of items on the German market (which I do not sell on). I rang Amazon to report it.

They said they will look into it and respond in 24 hours. 24 hours have passed and no reply from Amazon. The person has hacked the account again today.

How is the person bypassing the 2 step verification? I even changed the number to a landline and still the person is able to change the password.

I have inactivated my account as I cannot know what is happening to the account.
Why is Amazon taking so long to respond to such a serious issue, as 2 step verification should not be able to be hacked?


#2

It seems you still have control of your account atm - have you checked that your bank details have not been altered?
Have you changed your password yet?


#3

In addition to advice given, it sounds like you could have keystroke logger malware on your machine. Run a thorough virus check on your laptop and all devices and only then re-set passwords.


#4

An Ireland based seller support operative told me that it was possible to circumvent the 2FA on Amazon accounts to gain access as well as of course the method you have stated.

When was the last time you received an OTP code, @Silver_Tool_Shop?

As it is impossible to contact Amazon Payments UK Limited via Seller Support, I would advise you to contact them using the contact details here:

https://register.fca.org.uk/ShPo_FirmDetailsPage?id=0010X000047SXeXQAW

APUK must resolve your issue within three business days or provide an acknowledgement to your complaint in writing. They must respond within 15 business days or you can refer it to the Financial Ombudsman. As your account has been compromised this also means your APUK - Selling on Amazon Payments Account has been compromised.

Anyone with UK payment / security related issues should probably submit complaints immediately as they will either have to resolve the issue within three days, or acknowledge the issue and resolve it in 15 business days. Of course they do not always do so but then you can forward this to the Financial Ombudsman. But either way it gets to someone more senior with an obligation to fulfill. You can continue to push Seller Support at the same time.

I would use the email address as the phone number (former front reception number) is just an answer machine.


#5

I did have access, then the person hacked it again after I had an email from Amazon to say the account has been sanitized. I have been on the telephone for 3 hours today, going back and forth between Amazon seller, Amazon Germany, Amazon retail.

All they say is we are forwarding to fraud team.

I have realised there is a big flaw in their system: once you gain access to the account by app you can stay logged in. It does not matter if the person changes password or telephone number. It does not force login. So the person can see the details.

Amazon have been no help. I told them to delete all the German listings, they said they cannot do that. I told them to speak to a manager, they said there is no manager available. I seem to be stuck, with no help from anyone at Amazon. It seems a waiting game till the person hacks the account again, bypassing 2 step verification. Obviously the person wants the £7000 he made from fraudulent German sales.

This person can do it to me so he can do it to other people. Also access their retail side account.


#6

That is a very alarming possibility …


#7

Log in and go to Account/Content and Devices and remove all the devices in there. Then go to Login and Security and use the Authenticator app NOT the SMS option. This is vulnerable to attack. Make sure you require 2 step Authentication for all devices.

Note it wouldn’t let me change to the authenticator app. I had to remove 2FA first then re-enable.

Doesn’t matter what authenticator app you use. Microsoft or Google have versions of the same thing.

You should use 2FA for everything sensitive. PayPal, LinkedIn etc.

This is Chooks favourite Rooster btw. I work in information security and design this stuff.


#8

Funny thing, my account was hacked again. And the person put the fake German tax certificate again on Amazon. I have tried the app, somehow he was able to bypass that. I changed to landline, still no use, changed email, changed mobile. Got virus protection for the computer.
What annoys me the most is that Amazon could just check the IP and find out who it is. I know the person is from Italy as he put in his Italy mobile number in the start for verification. After I changed it back he changed it to a UK number next time.
Also why don’t Amazon delete the German listings? They told me to do it manually, which takes a long time for 5000 listings.
I just searched the web and I am not the first person this has happened to. So obviously Amazon must know about it but are doing nothing. Now a whole day has passed and I heard nothing from Amazon about it.
They just leave you to defend yourself.
One scary thing is that the account is also linked to my Amazon retail which has all my credit cards etc. That means they can access that and my address.


#9

  1. Download an inventory report.
  2. Download a template file from here: https://sellercentral.amazon.co.uk/listing/download?ref_=xx_download_tnav_upload
    (when downloading you have to pick a category, pick ANY non-media category that you are eligible to sell in)
  3. Insert all of the “bad” SKUs into the template file.
  4. Fill in the “Product type” column with whatever option is in the drop-down menu.
  5. Under “Update Delete” choose “Delete”.
  6. Upload the file (you shouldn’t need to fill in any other “mandatory” columns).
  7. Upload it here: https://sellercentral.amazon.co.uk/listing/upload?ref_=xx_upload_tnav_download (select “inventory files for non-media categories” when uploading)

closed #10

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.