Multiple Amazon account has been hacked.<p>I received an email with title: "Updated Language Settings" from auto-confirm@amazon.de:<p>You have successfully changed your default language for browsing, shopping and receiving communications from Amazon.de to "English".<p>Follow by second Email:<p>Thanks for visiting Amazon.de! Per your request, we have changed the e-mail address associated with your account<p>The e-mail address associated with your account has been changed. The old address was my_email_address@gmail.com. The new address is aefjlkse@mail.ru.<p>Checked on Twitter and Reddit, seems it happened April 2017, and people start reporting this issue once again on Sep 1, 2017.<p>The amazon account associated with the email is no longer able to access through amazon.com.<p>https://twitter.com/search?q=amazon%20account%20hacked<p>https://www.reddit.com/r/amazon/comments/6xom2j/amazon_account_hacked/
Rather than a direct breach of Amazon, I suspect this has been a successfully credential stuffing attack.<p>Credential stuffing/washing is taking a dump from a previous breach, such as those listed on 'haveibeenpwned.com', and trying them against a whole host of websites. This often works wonders as people re-use the same password elsewhere.<p>This is different to what people refer to as 'brute forcing' an account, where they would target one specific account and try multiple passwords. This is easy to pick up and block. However credential stuffing on an individual user level is less obvious. You could look at login attempts per IP, but they often utilise open proxies or Tor to help being detected.<p>Was your password unique to your Amazon account? And by unique I mean no re-used terms and tweaking just the numbers at the end etc. e.g. hunter2, hunter2017