Amazon confirms worker information breach after vendor hack

Amazon confirmed an worker information breach after a risk actor leaked on a hacking discussion board what they claimed was information stolen in the course of the MOVEit information theft assaults in Could 2023.

The risk actor, often called Nam3L3ss, leaked over 2.8 million traces of Amazon worker information, together with names, contact info, constructing areas, electronic mail addresses, and extra.

Amazon spokesperson Adam Montgomery confirmed Nam3L3ss’ claims, including that this information was stolen from programs belonging to a third-party service supplier.

“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon,” Montgomery stated.

“The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.”

The corporate stated the breached vendor solely had entry to worker contact info, and the attackers did not entry or steal delicate worker info like Social Safety numbers, authorities identification, or monetary info. Amazon added that the seller has since patched the safety vulnerability used within the assault.

Amazon employee data for sale
Amazon worker information on the market (BleepingComputer)

Nam3L3ss has additionally leaked the information from twenty-five different corporations. Nevertheless, they are saying a number of the information was obtained from different sources, together with ransom gangs’ leak websites and uncovered AWS and Azure buckers.

“I download entire databases from exposed web sources including mysql, postgres, SQL Server databases and backups, azure databases and backups etc and then convert them to csv or other format,” they stated.

“DO NOT ask me for access to my storage etc, at present I have well over 250TB of archived database files etc.”

The listing of corporations whose information was stolen in MOVEit assaults or harvested from Web-exposed sources and has now been leaked on the hacking discussion board contains Lenovo, HP, TIAA, Schwab, HSBC, Delta, McDonald’s, and Metlife, amongst others (as proven within the desk beneath).

BleepingComputer has contacted a number of corporations and can replace this text when extra info is out there.



























Firm Date Stolen Variety of Staff
Lenovo 2023-05 45,522
McDonald’s 2023-05 3,295
HP 2023-05 104,119
Metropolis Nationwide Financial institution 2023-05 9,358
BT 2023-05 15,347
dsm-firmenich 2023-05 13,248
Rush College 2023-05 15,853
URBN 2023-05 17,553
Westinghouse 2023-05 18,193
UBS 2023-05 20,462
TIAA 2023-05 23,857
OmnicomGroup 2023-05 37,320
Bristol-Myers Squibb 2023-05 37,497
3M 2023-05 48,630
Schwab 2023-05 49,356
Leidos 2023-05 52,610
Canada Publish 2023-05 69,860
Amazon 2023-05 2,861,111
Delta 2023-05 57,317
Utilized Supplies 2023-05 53,170
Cardinal Well being 2023-05 407,437
US Financial institution 2023-05 114,076
fmr.com 2023-05 124,464
HSBC 2023-05 280,693
MetLife 2023-05 585,130

The MOVEit data-theft assaults

The Clop ransomware gang was behind a wave of information theft assaults beginning on Could 27, 2023.

These assaults leveraged a zero-day safety flaw within the MOVEit Switch safe file switch platform, a managed file switch (MFT) resolution utilized in enterprise environments to securely switch information between enterprise companions and prospects.

The cybercrime gang started extorting victims in June 2023, exposing their names on the group’s darkish internet leak web site.

The fallout from these assaults impacted a whole lot of organizations worldwide, with tens of tens of millions of individuals having their information stolen and utilized in extortion schemes or leaked on-line since then

A number of U.S. federal businesses and two U.S. Division of Power (DOE) entities have additionally been focused and breached in these assaults

Recent articles

Excessive-Severity Flaw in PostgreSQL Permits Hackers to Exploit Surroundings Variables

î ‚Nov 15, 2024î „Ravie LakshmananVulnerability / Database Safety Cybersecurity researchers have...

CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Assault Confirmed

î ‚Nov 15, 2024î „Ravie LakshmananCommunity Safety / Vulnerability The U.S. Cybersecurity...