My account was compromised and got a ridiculous bill
There were at least 50 instances running in many regions using the largest server available to get in linux form. Not sure how this happened but I got it solved before it got much worse. Note that this all started 5 days ago, imagine if I did not catch this faster.
Change your password and make sure it is strong.
Amazon did contact me and told me to stop everything and delete private keys (I never made any private keys but there were a few keys that could get access to my account regardless of password changes) and then they can fix the problem - hopefully this is all resolved because I wasn't even involved