I've had the exact same issue with Amazon. I had prime. Suspected suspicious activity. It's been 6 months without resolution. I just created another account but I've been calling in every day since. There is no escalation, I keep getting told the same thing: We have no power, we just submit the form to the Account Specialists. You should be called back in 24 hours. I've not once received a call back. My old account is still being used for fake reviews, while amazon had completely locked out the account from being able to login on any device. I can't log in. Whomever is in my account seems to have complete control through some other method, which would explain how they were able to access my old account, even though I have 2FA and mobile authentication. There is a vulnerability they are not talking about.
I'm so fucking pissed about this. I signed up for AWS with a personal Amazon.com shopping account. Enabled 2FA, lost the token. I can care less about the AWS account but no longer can I change my password on the shopping account I've had for 10 years.
FWIW this is why it's a good idea to have two MFA mechanisms. If you can afford it I recommend getting 2 hardware tokens, and storing them separately (you can leave one in your computer, hard to lose).
Isn't that just the enterprise ones? I've been using personal hardware TOTP tokens[1][2] like this for years, where you can set the seed yourself using NFC.
There is a MFA reset process that requires a notary and what not. Wouldn't be an issue for the average Joe but since I've moved 3 times since signing up for AWS, I'm not sure which address they need and not even sure I can procure sufficient documents with those addresses on them.
I don't get this. You lost your MFA backup and you can not proof who you are and somehow this is amazons fault. What are you complaining about exactly?
I don't think he can't prove who he is. He is, after all, the same person. Rather, he can't verify to the service provider that he's the same individual that they have on file, despite being the same bag of flesh and bones he always was. And that is absolutely the service provider's fault.