Amazon confirmed an worker information breach after a risk actor leaked on a hacking discussion board what they claimed was information stolen in the course of the MOVEit information theft assaults in Could 2023.
The risk actor, often called Nam3L3ss, leaked over 2.8 million traces of Amazon worker information, together with names, contact info, constructing areas, electronic mail addresses, and extra.
Amazon spokesperson Adam Montgomery confirmed Nam3L3ss’ claims, including that this information was stolen from programs belonging to a third-party service supplier.
“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon,” Montgomery stated.
“The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.”
The corporate stated the breached vendor solely had entry to worker contact info, and the attackers did not entry or steal delicate worker info like Social Safety numbers, authorities identification, or monetary info. Amazon added that the seller has since patched the safety vulnerability used within the assault.
Nam3L3ss has additionally leaked the information from twenty-five different corporations. Nevertheless, they are saying a number of the information was obtained from different sources, together with ransom gangs’ leak websites and uncovered AWS and Azure buckers.
“I download entire databases from exposed web sources including mysql, postgres, SQL Server databases and backups, azure databases and backups etc and then convert them to csv or other format,” they stated.
“DO NOT ask me for access to my storage etc, at present I have well over 250TB of archived database files etc.”
The listing of corporations whose information was stolen in MOVEit assaults or harvested from Web-exposed sources and has now been leaked on the hacking discussion board contains Lenovo, HP, TIAA, Schwab, HSBC, Delta, McDonald’s, and Metlife, amongst others (as proven within the desk beneath).
BleepingComputer has contacted a number of corporations and can replace this text when extra info is out there.
| Firm | Date Stolen | Variety of Staff |
| Lenovo | 2023-05 | 45,522 |
| McDonald’s | 2023-05 | 3,295 |
| HP | 2023-05 | 104,119 |
| Metropolis Nationwide Financial institution | 2023-05 | 9,358 |
| BT | 2023-05 | 15,347 |
| dsm-firmenich | 2023-05 | 13,248 |
| Rush College | 2023-05 | 15,853 |
| URBN | 2023-05 | 17,553 |
| Westinghouse | 2023-05 | 18,193 |
| UBS | 2023-05 | 20,462 |
| TIAA | 2023-05 | 23,857 |
| OmnicomGroup | 2023-05 | 37,320 |
| Bristol-Myers Squibb | 2023-05 | 37,497 |
| 3M | 2023-05 | 48,630 |
| Schwab | 2023-05 | 49,356 |
| Leidos | 2023-05 | 52,610 |
| Canada Publish | 2023-05 | 69,860 |
| Amazon | 2023-05 | 2,861,111 |
| Delta | 2023-05 | 57,317 |
| Utilized Supplies | 2023-05 | 53,170 |
| Cardinal Well being | 2023-05 | 407,437 |
| US Financial institution | 2023-05 | 114,076 |
| fmr.com | 2023-05 | 124,464 |
| HSBC | 2023-05 | 280,693 |
| MetLife | 2023-05 | 585,130 |
The MOVEit data-theft assaults
The Clop ransomware gang was behind a wave of information theft assaults beginning on Could 27, 2023.
These assaults leveraged a zero-day safety flaw within the MOVEit Switch safe file switch platform, a managed file switch (MFT) resolution utilized in enterprise environments to securely switch information between enterprise companions and prospects.
The cybercrime gang started extorting victims in June 2023, exposing their names on the group’s darkish internet leak web site.
The fallout from these assaults impacted a whole lot of organizations worldwide, with tens of tens of millions of individuals having their information stolen and utilized in extortion schemes or leaked on-line since then
A number of U.S. federal businesses and two U.S. Division of Power (DOE) entities have additionally been focused and breached in these assaults
