My Amazon account was hacked and I almost lost £2,000

Moral of the story: change your passwords!


As a uni student, spending more than £10 at once on groceries makes me sweat. So when my Amazon account was hacked and I watched around £2,000 leave two different bank accounts, I think my heart stopped.

Our story begins like any other day. I had just had dinner with my flatmates and was getting ready to go out for the night. In the middle of applying mascara, I got a text from my dad asking if I'd been making any big Amazon purchases lately. 700 US dollars have just been spent on my card connected to his account. The last thing I bought on Amazon was a shower squeegee for five pounds.

Image may contain: Face, Girl, Door, Shoe, Footwear, Woman, Dress, Female, Denim, Jeans, Human, Person, Apparel, Pants, Clothing

The night out, before it all went downhill

So, I cancel the card, assuming that'll be the last of it. I decide to properly sort it out in the next couple of days – sometimes cards get hacked, and besides, it's a credit card, the bank's likely to just give me the money back – right?

In the meantime, I go on Amazon to place another order. I've made a lot of mistakes in my life, let me tell you, but this was by far the worst. Whilst ordering, I update my card information because, in case you forgot, my other card got cancelled. Damn you, Amazon one-click.

The worst of it begins

Flash forward two days later to when I receive an email from Amazon.com thanking me for my order of the Atlas of Reconstructive Breast Surgery e-book. You can bet your sweet arse this is not my purchase.

I cannot begin to describe the absolute terror I felt as I went to log in to my Barclay's account. Sure enough, £800 pounds had left my account. I'm going to say that again in case it didn't sink in the first time. £800.

Image may contain: Person, Human, Webpage, Text, Document, File

This screenshot still gives me the absolute fear

This next part of the story is scarier than yet another delayed Brexit. After I've called Barclay's to cancel my debit card, I decide to look through my Amazon account just to see how the hacking occurred. Real ones will know that in order to log into Amazon on a new device, you have to get a verification code via email or text. But wait, you ask, surely you're not dumb enough that your Amazon and email password would be the exact same thereby allowing hackers to get into your email to get that verification code?

Hi, my name's Anna, and I'm now the poster child for internet safety, nice to meet you.

I check the security settings on my account and see that my Gmail is currently logged into a Windows PC as of 13 minutes ago. You guessed it, that was not my log-in!

At this point I have let go of any hope of ever emotionally recovering. I log my email out of every device and change my password for just about every internet account I have ever registered for.

I then look at my trash and see every single confirmation order that I missed, including the email that had the verification code for my account. That's right, they were in my email, deleting the order emails as they came so I wouldn't find out.

Image may contain: Menu, Document, Page, Text

You love to see a diversity of titles, am I right?

I have no money

What comes next can only be described as the biggest financial crisis since 2008. My banks had told me to call Amazon directly and ask for a refund first. So, I wait a few days for the transactions to go through on my account, and then, I call Amazon.

The totals: 31 e-books ordered on American Amazon.com on two different cards totalling around $2,000. Amazon patches me through to about three different representatives who all have the exact same reaction when I tell them what's happened: "Wow – that's a lot of orders!" Like they weren't talking to someone who has spent the past four days wondering if she'll ever be able to use the internet in peace again.

I file a refund request, but a couple of days later, I receive an email telling me that they'll happily refund 12 orders out of the 31. And, amazingly, they haven't detected any fraud on my account!

Image may contain: Menu, Brochure, Flyer, Paper, Advertisement, Poster, Document, Text, Page

C H E E R S

Call it what you want, but what's up with the other NINETEEN orders that I still have on my account? I call again, and Amazon files yet another refund request for me.

Our climax, if you will

Here is the kicker of this whole ordeal: a couple of days after that second refund request, I receive an email from Amazon telling me, dead seriously, that it looks as though my account has been hacked – and I should probably log in and check! You really can't make this stuff up. Bear in mind, this is a solid WEEK after the initial hacking occurred. And I still don't have my whole refund!

Image may contain: Page, Text

I repeat, cheers

I call Amazon AGAIN (that makes four total calls to Amazon, in case you were wondering), and the ever helpful customer service team lets me know that Amazon has labelled the transactions as fraud. And that they can't refund me if it's fraud. I have to go to my banks. 'What about the fact that you've already refunded HALF of them?', I ask. He tells me it doesn't matter – he can't help me. I'm still out about 500 quid.

Mental Breakdown™ Time

At this point, it's been eight days since the initial text from my dad. I have a solid cry in my box room, and pick myself back up. I then spend the next two hours in the library with printed out bank statements and multi-coloured highlighters calculating what I've been refunded and what I still need.

Image may contain: Face, Hand, Finger, Person, Human

Did it happen if you didn't take a selfie?

I then spend the next THREE days calling my two banks trying to get my money back and filing fraud claims with both of them. Barclays proves especially difficult because when I called them the first time, their fraud machine was down (what does that even mean?). Finally, after much persistence, I get my money back.

Here are the final numbers on this fun story: roughly £2000 coming out and back into two different bank accounts, twelve days of money problems and making 10 separate phone calls to said banks and Amazon, and a LIFETIME'S worth of emotional trauma.

Image may contain: Menu, Page, Text

Oh, I wish I was kidding

Moral of the story

Like any good story, I do have a few morals here. For one, and I cannot stress this enough, change your passwords. As often as you can. You never know who's trying to get into your accounts, and the more you change your password, the harder that is for them. Secondly, ALWAYS make your email password unique to every other account. If they can't get into your email, they can’t do much.

As much as I want to just transfer all my assets to gold and bury it in my backyard, that isn't really an option these days. Hopefully my trauma can mean good things for other people, and I'll be a bit smarter from here on out.