Neighbor just called asking for help because their Gmail account was hijacked and now they're locked out (and the hijacker chained off that to other accounts). I'm heading over in a bit to help. This will be my first experience with the process from the consumer perspective.

Gmail account appears to be fine, but the Amazon account has definitely been hijacked. Looks like the attacker texted a link that the neighbor clicked on this morning, and that completed some sort of account ownership transfer. Neighbor assures me they just clicked the link and didn't enter anything. They just landed on an Amazon page that said their account had been successfully transferred to someone else (they have a screenshot of the hijacker's email address).

They've been on the phone with Amazon trying to get it resolved, but if the description is correct it sure seems like there's a vulnerability on Amazon's end here.

At exactly the same time the SMS was sent the neighbor's Gmail account got hit with a firehose of thousands of spam messages persisting for several hours, which is why they thought the Gmail account was hacked (and also why they clicked the Amazon phishing link from the SMS).

Does this sort of thing sound familiar to anyone?

@jschuh The link sent via SMS could be the final 2FA verification click needed to approve an account transfer, with the rest having been set up beforehand. If so, the account itself might already have been compromised. (Always assume leaked re-used passwords)

caveat: I have not gone through an Amazon account transfer

@troed Turns out the attacker initiated account recovery over the phone using stolen personal information. The link was the last step, which had to be clicked from a device Amazon already recognized for that account. And the firehose of spam was to bury the alert emails Amazon was sending.
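Added example (not code from anyone in this thread): a small triage script for the mail-bombing tactic described above. It flags the burst of incoming mail and pulls out the account-security notices that landed inside it, which are exactly the messages the flood was meant to hide. All timestamps, senders and domains are constructed placeholders.

```python
from datetime import datetime, timedelta

# Constructed sample mailbox metadata (timestamp, sender, subject). The domains
# are placeholders; nothing here is real mail from any provider.
SAMPLE_INBOX = [
    ("2024-03-01T09:00:00", "friend@example.org", "lunch?"),
    ("2024-03-01T14:00:00", "friend@example.org", "re: lunch?"),
    # Two legitimate security notices that arrive in the middle of the flood.
    ("2024-03-01T10:07:13", "account-security@shop.example", "Account recovery request received"),
    ("2024-03-01T10:11:40", "account-security@shop.example", "Your account ownership has changed"),
]
# Simulated mail-bomb: 120 subscription confirmations spread over ten minutes.
SAMPLE_INBOX += [
    (f"2024-03-01T10:{5 + i // 12:02d}:{(i % 12) * 5:02d}",
     f"noreply-{i}@bulk-signup.example", "Confirm your subscription")
    for i in range(120)
]
ALERT_SENDER_DOMAINS = {"shop.example"}  # placeholder for the real retailer's notice domain

def parse(messages):
    return sorted((datetime.fromisoformat(ts), s, subj) for ts, s, subj in messages)

def find_bursts(messages, window=timedelta(minutes=5), threshold=30):
    """Return [(start, end, count)] for every window-sized bucket holding at least
    `threshold` messages; adjacent hot buckets are merged into one burst."""
    msgs = parse(messages)
    if not msgs:
        return []
    origin, buckets = msgs[0][0], {}
    for ts, _, _ in msgs:
        idx = int((ts - origin) / window)
        buckets[idx] = buckets.get(idx, 0) + 1
    bursts = []
    for idx in sorted(buckets):
        if buckets[idx] < threshold:
            continue
        start, end = origin + idx * window, origin + (idx + 1) * window
        if bursts and bursts[-1][1] == start:  # extend the previous burst
            bursts[-1] = (bursts[-1][0], end, bursts[-1][2] + buckets[idx])
        else:
            bursts.append((start, end, buckets[idx]))
    return bursts

def buried_alerts(messages, bursts, alert_domains):
    """Security notices whose arrival falls inside a burst: read these first."""
    return [(ts.isoformat(), s, subj) for ts, s, subj in parse(messages)
            if s.rsplit("@", 1)[-1].lower() in alert_domains
            and any(b <= ts < e for b, e, _ in bursts)]

def triage(messages, alert_domains=ALERT_SENDER_DOMAINS):
    bursts = find_bursts(messages)
    return {"bursts": [(b.isoformat(), e.isoformat(), n) for b, e, n in bursts],
            "buried_alerts": buried_alerts(messages, bursts, alert_domains)}
```

Running `triage(SAMPLE_INBOX)` reports one burst from 10:05 to 10:15 and surfaces both account-security notices that arrived inside it; on a real mailbox, feed it exported headers and the provider's actual notification domain.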