This doesn't sound right. If you've changed your email account numerous times on Amazon, what are the odds somebody can navigate to those pages (Cox, Yahoo, Gmail, etc.)...on their browser, mind you...and crack those passwords? I suppose they could access all accounts if you're using the same email address and/or phone number as your recovery methods, but if you've changed that password as well, the odds are still astronomical.
Passwords aside, if you're using the Amazon Two-Step Verification, those codes are either locally generated (app) or locally accessible (SMS). Meaning, nobody can see those codes unless they have access to your "primary mobile device." If they don't have access to your primary device, they'd need access to your mandatory back-up device to either see or hear your unique security codes.
It doesn't sound like somebody has access to your Cox account, but somebody has access to your device(s). As BSD noted, something or someone has either infected your network or has access to your devices.
However, if you're using the Amazon Alternate Sign-In for Two-Step Verification, this could be causing your mystery. What is your first suspicion that somebody has changed your password on Amazon; is it an error message after submitting your password? If so, and you're using the Alternate verification, that's normal because your password will change every time.
Alternate Sign In for Two-Step Verification
[Step] 4. Add the security code to the end of your account password on the device or app you are attempting to register and submit again. For example, if your password is "abcdef" and the security code you receive is "12345", then enter "abcdef12345" in the password field. You will then be signed into your Amazon account.
Reference: https://www.amazon.com/gp/help/customer/display.html?nodeId=201962400
If you're using the normal 2-step method, you can skip the security code verification by checking the option for Do Not Require Codes on This Browser. This option needs cookies but if you're clearing cookies, you could be suspicious because Amazon will force you to re-verify again.
If you're not opting to bypass codes or not clearing cookies, you'll need to review your account in Amazon for any unknown "trusted" access and then untrust, deverify, deauthorize, or deregister those devices. If it keeps reappearing, you'll need to contact Amazon to investigate.
You didn't mention if the hacker is actually ordering stuff on Amazon. Are they? If so, where are they sending the packages?