Woke up to a series of emails this morning confirming that my Amazon account had been hacked and used to place an order at around 3AM. The perp had tried to get the vendor to deliver to a different address, which they refused to do. Then changed the email address on the account. Amazon detected something dodgy going on, changed the account password, reversed the email address change and deleted the order. Called the bank who confirmed the charge against my credit card (only £28!) which they were happy to refund, card cancelled and new one on the way. Old card deleted from Amazon and PayPal and new (different) strong passwords set on both. So it could have been much worse, but a bit of a pain nonetheless. How did they do it? My Amazon password was unique (i.e. not used for any other accounts) and I only ever logged in from my home PC (which I've confirmed today is virus and malware free). I've definitely not responded to any phishing emails or similar, and the account is only used by me.