"I received an order confirmation email from Amazon that I didn't recognize." "When I logged in, a passkey I didn't recognize was registered." Have you ever experienced something like that?

From 2025 to 2026, many cases of Amazon account hijacking have been reported on social media. On X, a post saying, "I can't log in to Amazon and I'm being asked for a passkey or OTP that I don't recognize..." became a hot topic.

In this article, we explain, based on the latest information as of March 2026, how to check whether your Amazon account has been accessed without authorization, what to do if you notice damage, and how to prevent it from being hijacked in the future.

If you experience these symptoms, be careful! 5 signs of a takeover

When your Amazon account is compromised, the following signs appear. If any of these apply to you, check your account immediately.

1. You receive an order confirmation email that you do not recognize
If you receive an "Order Confirmation" email for an item that you did not purchase, there is a possibility that someone else is using your account to make a purchase. However, please never click on any links in the email as it may be a phishing email pretending to be from Amazon.

2. There are unknown items in your order history
Check your order history by logging in directly from the Amazon app or browser. Fraudulent orders may also be hidden in "hidden orders".

3. You receive a "We detected a sign-in from a new location" notification
This is an official security alert from Amazon. You will receive this message when access is detected at a time or from a place where you do not remember logging in.

4. Your password has been changed and you cannot log in
If the hijacker changes your password or email address, you will no longer be able to log in using normal methods.

5. An unknown passkey or OTP app is registered
Since 2025, Amazon has supported passkeys (a password-free login method using fingerprints or facial recognition). There have also been reports of attackers registering passkeys for their own devices without permission.

Check first! Three items to check on Amazon's "Login and Security" screen

If you can log in, first check the following three things. Open "Account Services" → "Login & Security" in the Amazon app or browser.

1. Are your email addresses and phone numbers yours?
If the attacker has changed your email address, you will no longer receive order confirmation emails. Make sure the registered email address and phone number are yours.

2. Is an unknown device registered under passkeys?
When you open the "Passkey" item, a list of registered devices will be displayed. It is OK if only your smartphone or PC is registered. If you see any devices you don't recognize, remove them immediately.

3. Is 2-step verification disabled?
If you originally set up 2-step verification, check whether it has been turned off without your knowledge. If it is turned off, set it up again immediately.

Hijacked? 5 things to do right now if you suspect a takeover

If you suspect your account has been compromised, please follow the steps below in order.

Countermeasure 1: Change your password immediately
If you can log in, change your password from "Login & Security". Set a password that is not used for any other service and is at least 12 characters long, including uppercase letters, lowercase letters, numbers, and symbols.

Countermeasure 2: Sign out of all devices
After changing your password, go to "Login & Security" → "Manage device and app access" → "Sign out of Amazon on all web browsers". This will forcefully terminate any sessions the attacker may still have open.

Countermeasure 3: Delete unknown passkeys
From "Login & Security" → "Passkeys", delete all passkeys other than those for your own devices. The passkey itself is a secure authentication method, but if an attacker registers their own device, they can sign in as you.

Countermeasure 4: Contact Amazon Customer Service
If you can log in, go to the Amazon website and select "Contact Customer Service" → "Other Inquiries" → "About Your Account" → "Request Telephone Support". If you are unable to log in, contact Amazon's official customer service directly by phone (0120-899-190).

When you contact customer service, have the following information ready.

  • Registered name, email address, phone number
  • If there is an unauthorized order, the order number
  • Last 4 digits of credit card

Countermeasure 5: Contact your credit card company
The credit card registered with Amazon may have been used fraudulently. Contact your credit card company and complete the suspension/reissue procedures. You can also report abuse on Amazon's "Report suspicious activity" page.

Never get hijacked again! 4 precautions to protect your account

Whether or not you have already been a victim, you can significantly reduce the risk of being hacked by taking the following measures.

Prevention 1: Make sure to turn on 2-step verification
You can enable it from Amazon's "Login & Security" → "2-Step Verification Settings". There are two authentication methods, SMS and authentication apps, and authentication apps (Google Authenticator, Microsoft Authenticator, etc.) are more secure than SMS. The code in an authentication app changes every few tens of seconds, so the risk of it being intercepted is said to be low.

Prevention 2: Register a passkey on your device
A passkey is a mechanism for authentication using a pair of a private key stored on the device and a public key on the server side. Unlike a password, it cannot be leaked to the outside world and is resistant to phishing sites. You can register one in the Amazon app or browser from "Login & Security" → "Passkey" → "Settings".

Prevention 3: Don't reuse the same password outside of Amazon
One of the most common causes of Amazon account takeover is password reuse. There are many cases where a combination of email address and password leaked from another service is tried on Amazon (a list-based attack, also known as credential stuffing). We recommend using a password manager to set a different password for each service.

Prevention 4: Don't fall for phishing emails
Most emails that say things like "You need to update your payment method" or "Your account has been suspended" are fake. Use the following points to tell them apart.

  • The sender's email address is not "@amazon.co.jp" (e.g. amazon-security@xxx.com)
  • The link URL in the email is not "amazon.co.jp"
  • The email asks for your password or credit card number

If you feel even the slightest bit suspicious, don't follow the link in the email; log in directly from the Amazon app or browser and check for yourself. Amazon's official "Detecting fraud" page may also be helpful.
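
The three checks in the list above, written as a small mail filter. This is an added example, not part of the original article; the sample messages, the `.example` domains and the English keyword list are constructed assumptions. A matching sender domain does not prove a message is genuine, because the From header can be forged, so an empty result only means none of the three signs was found.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "amazon.co.jp"  # domain the article says genuine mail and links use

def is_trusted_host(host):
    """True only for amazon.co.jp itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def phishing_signs(raw_email):
    """Return which of the article's three warning signs a message shows."""
    msg = message_from_string(raw_email)
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    signs = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not is_trusted_host(sender.rpartition("@")[2]):
        signs.append("sender-domain")
    links = LinkCollector()
    links.feed(body)
    if any(not is_trusted_host(urlsplit(h).hostname) for h in links.hrefs):
        signs.append("link-domain")
    # Assumed keyword list; a real filter would cover Japanese wording as well.
    if re.search(r"password|credit card|card number", body, re.I):
        signs.append("asks-for-credentials")
    return signs

# Constructed samples, not real messages.
SAMPLE_PHISH = """\
From: Amazon Security <amazon-security@xxx.example>

<a href="https://amazon.co.jp.account-check.example/">Enter your password</a>
"""
SAMPLE_OK = """\
From: Amazon <order-update@amazon.co.jp>

<p>Your package has shipped.</p> <a href="https://www.amazon.co.jp/">Orders</a>
"""
```

The suffix comparison in `is_trusted_host` is what rejects lookalike hosts such as `amazon.co.jp.account-check.example`, which a simple "contains amazon.co.jp" check would accept.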

FAQ

Can I cancel my order if my Amazon account is compromised?

Yes, you can. Contact customer service to have the fraudulent order canceled and a refund processed. Even if the package has already been shipped, in most cases a refund will be issued if unauthorized access is confirmed as a result of the investigation.

What will happen if a takeover goes unnoticed?

There have been reports of damage in which attackers purchase expensive items or purchase Amazon gift certificates to use up the account's charged balance. Additionally, if your email address is changed, recovery will take time, so early detection and early action are important.

If I set a passkey, will I no longer need a password?

As of March 2026, even if you set a passkey, your password will still be valid. Passkeys are positioned as an "additional authentication method" that makes login easier and safer, but do not completely eliminate the need for passwords.

What should I do if I clicked on a link in a phishing email?

If you have not entered information such as a password, it is unlikely that damage will occur just from opening the link. However, to be on the safe side, change your Amazon password immediately and enable two-step verification. If you have entered your information by mistake, change your password immediately and contact customer service.
