Amazon has issued urgent warnings to millions of customers in 2025 as a surge in account attacks threatens both shoppers and sellers. Cybercriminals are exploiting vulnerabilities through phishing scams, fake domains, and sophisticated social engineering tactics, prompting Amazon to alert over 200 million Prime users about increased risks to their personal and financial data.​

The Scope of the Attacks

In recent months, Amazon has faced a dramatic spike in hacking attempts—jumping from 100 million to 750 million per day in just six months. The primary targets include both regular buyers and high-volume sellers. Attackers have registered over 100,000 counterfeit Amazon domains, often mimicking legitimate sites to trick users into revealing login credentials and payment details. Notably, a Singapore-based seller, KeaBabies, lost control of their $78 million annual business for seven days after hackers altered admin details and attempted to divert nearly $31,000 in payments.​

How the Attacks Work

The most common scams involve phishing emails and messages that appear to be from Amazon, often referencing Prime membership renewals or account security alerts. These messages typically contain malicious PDFs or links to fake login pages. Once users enter their credentials, attackers gain access to their accounts, change shipping addresses, place unauthorized orders, and sometimes even alter banking information to siphon funds. Experts note that hackers are also exploiting weak multi-factor authentication (MFA) systems and insufficient user permission controls, bypassing security measures that were previously considered reliable.​

Real-Life Impact and Expert Insights

Victims of these attacks report not only financial losses but also operational disruptions and reputational damage. “Amazon’s response time during these breaches is often too slow, leaving sellers stranded and unable to recover their accounts quickly,” said a cybersecurity analyst familiar with the KeaBabies case. For individual users, the fallout includes unauthorized purchases, compromised personal data, and potential identity theft.​

Security experts emphasize that Amazon’s vast ecosystem makes it an attractive target, but the company’s efforts to secure user accounts have struggled to keep pace with evolving threats. “The rise in account takeovers is a wake-up call for all Amazon users,” warns Davey Winder, a Forbes contributor. “Multi-factor authentication, regular password changes, and vigilance are no longer optional—they’re essential.”​

What You Should Do Next

If you suspect your Amazon account has been compromised, immediately change your password, enable two-factor authentication, and review your recent account activity for suspicious changes. Report any unauthorized transactions or login attempts to Amazon’s support team and monitor your bank and credit accounts for signs of fraud. Staying informed about the latest scam tactics and avoiding unsolicited emails or links can help protect your account and data.​

Amazon’s recent warnings underscore the growing threat of cybercrime in e-commerce, reminding users that proactive security measures are vital in today’s digital landscape.