New ask Hacker News story: AWS Closed My New Account

AWS Closed My New Account
4 by casenmgreen | 2 comments on Hacker News.
I opened a new AWS account for business, in mid-December 2021. Since opening I had not used the account, as I was finishing off old work in the existing account. About twenty days after opening, I came to log in, and found the account had been deleted a few days before. I had an email account specifically for AWS, for this account, which I checked now and then only, and in particular around this time I had not checked at all as I was experiencing (read "bedbound and aching all over"), and then recovering from, covid. I examined the account, and found there was an email giving me one day of notice before the account was deleted. In fact, there were two warning emails on the same day, in early January, giving different account closure dates, and of the two, the most recently received gave the one day of notice, and this it turned out was correct - an email came the next day informing me the account had been deleted. In the two emails giving me notice the account was suspended, AWS asked for additional information about me and my business. The emails begin by making a small ask - "at this time, we need you to confirm your address information" - and request for a utility bill. You read that, and think, well, that seems perfectly reasonable. Then you read on, and it progressively goes from address and utility bill, to; * The billing address and phone number of the payment method on the AWS account * The billing phone number of the payment method on the AWS account * Business name and phone number * The URL for your website * A contact phone number where you can be reached for additional information * Your reasons for using Amazon Web Services It is repugnant, both for asking so much, and the way in which it goes about asking, by pretending at first to be reasonable, and then by the time you reach the end of the email, having become grasping. All this is for an account which literally had not been used, not at all, not once, and was already most of a month old. I may be wrong, but I think what this actually is, is AWS phishing for personal information, using security as a pretence, and that the account has been suspended as a coercive measure, for we must also consider the twenty day delay - I can imagine it will often be the case by this time, the account owner will have servers running, testing or running some systems they've made - and then the account is suspended. They cannot shut down those servers. They MUST hand over the information AWS demand. I think companies more than anything want your phone number. Phone numbers are the modern unique identifier; they rarely change and cost money to obtain. Third party data collators collate based on phone number.