Knightdale Woman’s $2,700 Web Services Bill Could Have Been Avoided With Multi-Factor Authentication :: WRAL.com
Knightdale, North Carolina – A Knightdale woman contacted 5 On Your Side for help after someone hacked into her Amazon Web Services account and she was charged over $2,700.
Sharron Rogers said she used AWS, a popular cloud service provider, on a free trial to send a digital file. She then received an email warning her that her account might be compromised.
“At first I was like, ‘This must be a scam,'” Rogers said.
She logged into Amazon Web Services, saw nothing unusual, and since she hadn’t used the account in months, she closed it. Then she received the email with an invoice for $2,766.
“I was very upset. I kept trying to talk to Amazon. No one would call me. I kept sending email after email,” Rogers said.
After several messages, an AWS customer service told Rogers that to investigate, they needed to reopen the account and add a valid payment method.
“I didn’t want to reopen,” she said. “I didn’t want to add another payment method, but at the same time I wanted it fixed.”
So, Rogers logged in and discovered that the account was being used all over the world. She says Amazon walked her through complicated and confusing steps to fix the hack.
“I had to go through every region, like Mumbai and all over the world and Singapore, and terminate those EC2 instances,” Rogers said. “I’m not a technical person in that nature. So, I don’t know what they were, but it was something. Whatever I did was supposed to stop billing.
But other charges have surfaced. Rogers’ estimated January bill was $2,000.
She asked the customer service representative if there was a chance she could be held financially responsible and learned that it was a possibility.
5 On Your Side found several similar complaints online.
An AWS spokeswoman told 5 On Your Side, “Even after the account is closed, (it’s) still accessible,” so users can collect their content. To secure an account, users must follow the steps given to Rogers. They are listed on the AWS website.
After 5 On Your Side intervened, Rogers was informed that her account was now secure.
“I feel like I have a part-time job trying to sort out all these things,” Rogers said.
His experience is a reminder to always use multi-factor authentication on your accounts. Sending a required code to your phone is an extra layer of protection.
Regarding charges, AWS said they review each case before deciding to charge and “work with each customer individually to find a solution.”