Re: How is the device added...?
The Prime Video app on the device generates a six character code, you go to primevideo.com, log with Amazon credentials, and enter that code.
You can turn on 2FA but that won't get rid of devices which are already paired. Also on Android, if you pair the Prime Video app, the main Amazon shopping app works using those credentials too.
Which makes me wonder if they're real devices as one smart TV per compromised account seems a pretty expensive way to go about it. Perhaps somebody's spinning up Android VMs with Prime Video and Amazon apps linked to compromised accounts.