FilthyAnalyst | 3 years ago

Could the first password change request have been malicious? The subsequent resets may not work because the email has been changed. Check your credit cards they have on file to make sure you're not getting massive AWS charges.

nikolay | 3 years ago

I feel like I should attempt to reach out to Werner Vogels, their CTO, who I respect greatly. I'm sure this is some data migration that went rogue, etc., but a simple mechanism of "remind me later" to a password reset would have fixed the issue. You must not twist the arms of a customer with 2FA enabled to change their password! Also, if the mobile app asks me to change my password, it would be inconvenient as I still prefer desktop browsers for this type of activity. Also, the app on my phone, which has been installed and activated for ages, is effectively another form of 2FA - why was I logged out from there, too?! In general, they are violating many of the modern-day best practices!

nikolay | 3 years ago

No, I did not receive any emails - just visiting amazon.com required me to reauthenticate and then required me to change the password. The good thing about 1Password and other password managers is that you can't easily get tricked, as the password prompt won't match the hostname and this will make you more suspicious.