You just got an email about a sign-in from a country you have never visited, or a package you did not order is on its way, or your password suddenly stopped working. Any one of these can mean someone else is inside your Amazon account.
The good news: if you can still sign in, you can lock the intruder out in minutes. If you are already locked out, Amazon has a verification path to get you back. This guide walks through how to confirm a takeover and then reclaim the account, quickest and most common steps first.
Work top to bottom. Do not stop at the password; an attacker who got in once will have left changes behind that you need to undo.
Confirm Your Account Was Actually Hacked
Before you do anything, match what you are seeing against the real warning signs of an account takeover. Any one of these is enough to act on.
- You cannot log in, or your password no longer works. This is the clearest sign, because it usually means the attacker changed the password to lock you out.
- An order confirmation or package arrives for something you did not buy, or unrecognized purchases show up in Your Orders.
- Your contact details changed on their own: a new shipping address, a different email, or a new phone number on the account.
- You receive notifications you never started, such as password-reset requests, "two-step verification turned on or off", or "account details changed" messages.
- You get an email, text, or app notification about a sign-in from a device or location you do not recognize.
- New payment methods appear in Your Payments, or product reviews are posted under your name.
If you still have access, you may have caught a takeover in progress, so secure the account immediately using the steps below. If you are locked out, jump to the locked-out recovery sections.
Respond to the Security Alert First
Amazon sends a security alert when it spots important changes or new activity it wants you to confirm. These arrive by email, by SMS, and as push notifications in the Amazon shopping app. This is often the fastest way to slam the door.
1. Open the alert, then click or tap the link in the genuine email or SMS, or respond to the push notification in the app.
2. Select Deny, or otherwise indicate "it was not you," if you do not recognize the activity.
Denying the activity automatically forces an immediate Amazon password reset, which locks the intruder out for you. One important caution: many fake "sign-in attempt" alerts are themselves the scam. Only act on an alert you open inside the real email, SMS, or app, and never on a link in a message you are unsure about.
Use Secure Your Account to Sign Out Every Device
If you can still sign in, Amazon's built-in control sweeps out active intruder sessions in one move.
1. Sign in at Amazon.com, open Account & Lists, then go to Your Account.
2. Open the Login & security settings page.
3. Use the Secure Your Account option to monitor sign-in attempts. If you see suspicious activity, choose to deny access, which immediately signs those sessions out of your account.
This same control also lets you edit your email and login settings and log out of your account on every device, so use it before you do anything else on the page.
Change Your Password to Something New and Unique
Whether or not you used the deny option, set a fresh password now.
1. If you can still sign in: go to Your Account > Login & security, find Password, and select Edit to set a new one.
2. If you cannot sign in: open the password-assistance page at amazon.com/gp/css/account/forgot-password/email.html, enter the email tied to your account, and follow the steps.
3. Amazon sends a one-time passcode to the phone number or email on file to verify it is you.
Make the password at least eight characters and hard to guess, and do not reuse a previous one. If you used this same password on other sites, those accounts are now exposed too, so change them as well.
Turn On Two-Step Verification
Two-Step Verification (2SV) means a stolen password alone is no longer enough to get in. After this is on, every sign-in needs both your password and a current code.
1. Sign in, open Account & Lists > Your Account, then open Login & security.
2. Next to Two-Step Verification (2SV) Settings, select Edit, then choose to get started with setup.
3. Choose how you want to receive the code: by text message, by phone call, or through an authenticator app.
4. For an authenticator app, scan the on-screen QR or barcode with your app (such as Google Authenticator or Microsoft Authenticator), or use the option to copy the setup key in manually if you cannot scan.
5. Enter the code and click Verify code and continue.
6. Add the requested backup method (such as a phone number for SMS or voice call), enter its code, and verify again.
7. Confirm to turn on Two-Step Verification.
To switch it off later, return to Your Account > Login & security and disable Two-Step Verification.
Audit Devices, Addresses, Payments, and Hidden Orders
An attacker who got in will have left traces. Strip them out so they cannot regain access or keep spending.
- Devices: open Content & Devices (Your Devices) and remove anything you do not recognize.
- Addresses: open Your Addresses and delete any shipping address that is not yours.
- Payments: open Your Payments, edit each card, and remove anything unfamiliar from your wallet; also turn off 1-Click under Ordering and Shopping Preferences.
- Orders: check Your Orders, Your Payments > Transactions, and especially Archived Orders near the bottom of the Account page, because attackers sometimes archive orders to hide them.
Report anything unauthorized you find using the steps further below.
Recover an Account Locked by Two-Step Verification
If 2SV is failing and you cannot get in, use Amazon's recovery path.
1. First try signing in with a registered backup method or from a trusted device.
2. If that fails, go to the Two-Step Verification Account Recovery page at amazon.com/a/recover/upload and follow the on-screen instructions.
3. Upload a scan or photo of a government-issued ID that clearly shows your name, your address, and the issuing authority.
4. Cover or remove sensitive information, such as account or identification numbers, before uploading.
Verification takes one to two days. When approved, Amazon emails you and you can sign in with your password. Even then, Amazon may still require an extra one-time code sent to your email or primary phone.
Regain Access to an Account on Hold
Amazon may place an account "on hold" as a security action, often after unusual payment activity, so it can review the account with you. This also pauses Prime, Music, Kindle, Alexa, and Ring, not just shopping.
1. Check your email or texts for an "Account on hold" notification from Amazon.
2. Sign in to your Amazon account.
3. Complete the requested form and include the necessary attachments. Submitting the requested details yourself through Amazon's secure sign-in portal is the fastest way to unlock.
The exact documents required vary by case, so follow the specifics in your own notification rather than assuming a fixed list.
Report and Reverse Unauthorized Charges
For unauthorized spending, reporting it to Amazon is not enough on its own; your bank has to be involved to get money back.
1. For Amazon Pay, sign in, open the Activity tab, find the charge, click Details & Support, and from the dropdown choose File an A-to-Z Guarantee claim or Report fraud or misuse.
2. For a regular Amazon retail order, find it in Your Orders and use the report or return support options to flag it as unauthorized.
3. Contact your bank or card issuer as soon as possible to block the card and, if needed, file a chargeback.
After reporting, change your password and enable Two-Step Verification if you have not already.
Escalate the Compromise to Amazon
To report the takeover itself or the scam behind it, use Amazon's official channels.
- Go to the Report a scam help page. It has separate guided forms, including one for when your Amazon account info was compromised, plus options for "no information shared," "banking information shared," and "remote access granted."
- Forward suspicious communications to [email protected]. Sending the message as an attachment is best, because it preserves the headers Amazon needs to track it.
- For suspicious calls or texts, Amazon directs you to the FTC at reportfraud.ftc.gov.
- You can also pick Report Something Suspicious under "Help with something else" on the Customer Service page to report by phone or chat.
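Why forwarding as an attachment matters, shown as an added example that is not part of the original guide or any Amazon tooling: an inline forward copies only the body, while a message/rfc822 attachment carries the original trace headers. The sample message, the addresses and the placeholder report address are all constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample of a suspicious message as it arrived (raw RFC 5322 bytes).
RAW = (
    b"Received: from mx.sender.example ([203.0.113.7]);"
    b" Mon, 01 Jan 2024 10:00:00 +0000\r\n"
    b"Authentication-Results: mx.recipient.example; spf=fail; dkim=none\r\n"
    b"From: Account Team <alerts@lookalike.example>\r\n"
    b"To: you@recipient.example\r\n"
    b"Subject: Unusual sign-in attempt\r\n"
    b"Message-ID: <constructed-1@sender.example>\r\n"
    b"\r\n"
    b"Confirm your account within 24 hours.\r\n"
)
# Headers an investigator uses to trace where a message really came from.
TRACE = ("Received", "Authentication-Results", "Message-ID")

def forward_inline(raw, reporter, report_to):
    """What a plain Forward does: quote the body, lose the trace headers."""
    original = message_from_bytes(raw, policy=policy.default)
    msg = EmailMessage()
    msg["From"], msg["To"] = reporter, report_to
    msg["Subject"] = "Fwd: " + original["Subject"]
    msg.set_content("---- Forwarded message ----\n" + original.get_content())
    return msg

def forward_as_attachment(raw, reporter, report_to):
    """Wrap the original, headers included, as a message/rfc822 attachment."""
    original = message_from_bytes(raw, policy=policy.default)
    msg = EmailMessage()
    msg["From"], msg["To"] = reporter, report_to
    msg["Subject"] = "Fwd: " + original["Subject"]
    msg.set_content("Suspicious message attached with full headers.")
    msg.add_attachment(original)
    return msg

def surviving_trace_headers(report):
    """Re-parse the report as its recipient would; return trace headers found."""
    parsed = message_from_bytes(report.as_bytes(), policy=policy.default)
    for part in parsed.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_content()  # the embedded original message
            return {h: str(inner[h]) for h in TRACE if inner[h] is not None}
    return {}
```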
Avoid the Phishing Trap That Caused It
Most takeovers start with credentials handed to a fake page. Knowing what Amazon will never do keeps it from happening again.
- Amazon will never ask over the phone for your address, payment information, login credentials, or financial information.
- Be suspicious of false urgency, unexpected delivery notifications, requests to pay with gift cards, or requests to pay outside Amazon by a third-party site or wire transfer.
- Do not click links or reply to suspicious emails, calls, texts, or pop-ups. Instead, go directly to Amazon.com or the app and sign in there to check.
- If an order notice worries you, open Your Orders in the app or on the website to see your real order history.
- For Amazon Pay, the only legitimate domains are pay.amazon.com, payments.amazon.com, and authorize.payments.amazon.com. Senders like [email protected] or [email protected] are scams.
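A way to check a link against the three Amazon Pay hosts listed above, as an added example that is not from the original guide or from Amazon. The function names, the https-only requirement and the sample URLs are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# The three hosts the guide lists as the only legitimate Amazon Pay domains.
AMAZON_PAY_HOSTS = frozenset({
    "pay.amazon.com",
    "payments.amazon.com",
    "authorize.payments.amazon.com",
})

def real_host(url):
    """Return the host a browser would actually connect to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased; userinfo and port removed
    except ValueError:
        return None
    # Requiring https is an added assumption, not a rule stated in the guide.
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".")

def is_amazon_pay_link(url):
    """Exact host match only: substring or prefix checks accept lookalikes."""
    return real_host(url) in AMAZON_PAY_HOSTS

# Constructed sample links of the kind that show up in messages.
SAMPLES = [
    "https://pay.amazon.com/checkout",
    "https://PAY.AMAZON.COM:443/checkout",
    "https://pay.amazon.com.secure-check.example/login",  # real name as a prefix
    "https://pay.amazon.com@login.example/",              # real name as userinfo
    "https://pay-amazon.com/",                            # hyphen lookalike
    "http://pay.amazon.com/",                             # not https
]

def triage(urls):
    """Return (url, host actually contacted, verdict) for each link."""
    return [(u, real_host(u), is_amazon_pay_link(u)) for u in urls]

if __name__ == "__main__":
    for url, host, ok in triage(SAMPLES):
        print(f"{'OK  ' if ok else 'FAKE'}  {host!s:45} {url}")
```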
Frequently Asked Questions
How do I know if an "Amazon sign-in attempt" alert is real or a scam?
Genuine alerts come through your real email, SMS inbox, or the Amazon shopping app, and you respond to them there. Many fake versions exist purely to harvest your login on a copycat page. Never click a link in a message you are unsure about; open Amazon.com or the app directly and check your account instead.
I clicked Deny on a security alert. Do I still need to change my password?
Denying an alert already forces an immediate Amazon password reset to lock the intruder out. Even so, set a fresh, strong, unique password yourself, turn on Two-Step Verification, and audit your addresses, payments, and orders to be sure nothing else was changed.
I am completely locked out and 2SV is not working. How do I get back in?
Go to the Two-Step Verification Account Recovery page at amazon.com/a/recover/upload and upload a government-issued ID showing your name, address, and issuing authority, with sensitive numbers covered. Approval takes one to two days, and Amazon may still ask for an extra one-time code when you sign in afterward.
Reporting the fraudulent charge to Amazon got my money back, right?
Not by itself. After you report it to Amazon, contact your bank or card issuer to block the payment instrument and, if needed, file a chargeback. That bank step is what actually recovers the funds.
Where do attackers hide their activity so I can check those spots?
They commonly hide orders under Archived Orders at the bottom of the Account page and add extra shipping addresses and payment cards. Audit Your Addresses, Your Payments, and Archived Orders specifically, not just your recent Your Orders list.
What likely caused my account to be hacked?
Common causes include entering your login on a phishing page, reusing a password that leaked from another site, using a weak password, having no Two-Step Verification, keeping an email-only account with no phone on file, malware on your device, or granting a fake "Amazon support" caller remote access. Closing those gaps prevents a repeat.











