[anonymoushn]

I was overbilled for this service in 2011 and Amazon insists to this day that they do not have records about this even if I forward them the emails :)

[supazek]

I setup an AWS account in college before I had ever worked and dealt with enterprise security. Didn’t use the account for anything. No 2FA and a weak password and all of a sudden I have a $15,000 bill from a crypto mining script. Worked with Amazon, got everything cleaned up, turned on 2FA and was only charged $100. Pretty generous considering it was entirely my fault

[dredmorbius]

Someone else's fraud isn't your fault.

Amazon can damned well run password strength / compromise tests and validations.