How could someone in Nigeria sign in to my U.S. Amazon Account?

I live in the United States. I received an email notice from Amazon (not a phone alert) which I didn’t read for several days that someone signed in (not attempt to sign in) to my account in Nigeria.

Amazon asked me to confirm if this was me. I followed the Amazon prompts, changing the 3-month old password. My previous and current passwords are a mix of 20+ digits with no recognizable words plus special characters and numbers, a unique password that I don’t use anywhere else.

I have been using SMS and email for 2FA. I changed the phone number for SMS but left the email the same.

The Amazon orders, browsing history, and shipping addresses are all mine. If someone in Nigeria did log into this account, they haven’t caused me any problems, yet. I appreciate any insights: how worried should I be? What other precautions should I take? How did the Nigeria person figure out my email/phone number/password?

Find more posts tagged with

Security

Accepted answers

All comments

wirywrestler

That is very concerning. Not sure how others may answer, I never follow the prompts within these type of emails, no matter how real it may appear. Instead, I go straight to the website itself and check my profile for any notifications or unknown changes; then make changes or updates. I also forward that email to them for confirmation that it indeed came from them. Maybe I'm being over cautious.

Learning4

Wirywrestler, thank you for taking the time to answer. No, I don't think you are being overly cautious. I did go straight to the Amazon website instead of click on the link in the email notice but couldn't find anything about the Nigeria notice within my account and after about 15 minutes of poking around gave up.

In the Amazon email, the URL for the notice was listed in addition to the link, which started with https://www.amazon.com. I copied and passed the URL into a new tab instead of clicking on the email's link to change my password. As soon as I changed the password, I signed out and signed into Amazon on a new tab to confirm that the PW had been changed on the real website.

You wrote: " I also forward that email to them for confirmation that it indeed came from them." Good idea for the future, although I wouldn't know how to do this on Amazon.

I sure wish I knew what happened so I can prevent future sign ins of someone else to this account.