I started receiving emails from Amazon.com titled "Revisions to your account" with the contents as below:
Thanks for visiting Amazon.com! Per your request, we have successfully changed your password.
Visit Your Account at Amazon.com to view your orders, make changes to any order that hasn't yet entered the shipping process, update your subscriptions, and much more.
Should you need to contact us for any reason, please know that we can give out order information only to the name and e-mail address associated with your account. Thanks again for shopping with us.
I didn't worry overly as they looked like spam and in any case I don't have a .com account.
Then I received one that said:
Thanks for visiting Amazon.com! Per your request, we have changed the e-mail address associated with your account
The e-mail address associated with your account has been changed. The old address was russell@russell.com. The new address is zhaonian560631@163.com.
Visit Your Account at Amazon.com to view your orders, make changes to any order that hasn't yet entered the shipping process, update your subscriptions, and much more.
Should you need to contact us for any reason, please know that we can give out order information only to the name and e-mail address associated with your account.
Thanks again for shopping with us.
This worried me more so I tried to log onto my account and was told it didn't exist. I then checked my credit card statement and found a transaction that was not one I had initiated - an ebook in German.
A phone call to Amazon started the process of recovery and one to the bank to cancel the card and now all is back to normal.
The moral of this story is that these types of hacks are all too common and it is highly recommended to put the Two-Factor Authentication process in place.
This website explains it better than I can. My experience was virtually the same as Fritz'.
http://jeffreyfritz.com/2018/01/my-amazon-account-was-hacked-and-how-i-made-it-more-secure/
Amazon state that "We do not know how this person got your sign-in information because that happened away from our websites". Not sure I believe this.
Anything that is ordered fraudulently is archived (or hidden) on the orders page. They can be revealed by finding the hidden option under the past orders dropdown.
Oh, and the sign in details for .com are the same as .co.uk!