Amazon confirms worker data breach after vendor hack

Amazon confirmed a data breach involving worker data after information allegedly stolen through the Might 2023 MOVEit assaults was leaked on a hacking discussion board.

The risk actor behind this information leak, generally known as Nam3L3ss, printed over 2.8 million traces of Amazon worker information, together with names, contact data, constructing areas, e mail addresses, and extra.

Amazon spokesperson Adam Montgomery confirmed Nam3L3ss’ claims, including that this information was stolen from programs belonging to a third-party service supplier.

“Amazon and AWS programs stay safe, and we now have not skilled a security occasion. We had been notified a couple of security occasion at considered one of our property administration distributors that impacted a number of of its prospects together with Amazon,” Montgomery stated.

“The one Amazon data concerned was worker work contact data, for instance work e mail addresses, desk cellphone numbers, and constructing areas.”

The corporate stated the breached vendor solely had entry to worker contact data, and the attackers did not entry or steal delicate worker data like Social Safety numbers, authorities identification, or monetary data. Amazon added that the seller has since patched the security vulnerability used within the assault.

Nam3L3ss has additionally leaked the information from twenty-five different corporations. Nevertheless, they are saying among the information was obtained from different sources, together with ransom gangs’ leak websites and uncovered AWS and Azure buckers.

“I obtain whole databases from uncovered internet sources together with mysql, postgres, SQL Server databases and backups, azure databases and backups and so on after which convert them to csv or different format,” they stated.

“DO NOT ask me for entry to my storage and so on, at current I’ve nicely over 250TB of archived database information and so on.”

The listing of corporations whose information was stolen in MOVEit assaults or harvested from Web-exposed sources and has now been leaked on the hacking discussion board contains Lenovo, HP, TIAA, Schwab, HSBC, Delta, McDonald’s, and Metlife, amongst others (as proven within the desk under).

BleepingComputer has contacted a number of corporations and can replace this text when further data is out there.

The MOVEit data-theft assaults

The Clop ransomware gang was behind a wave of information theft assaults beginning on Might 27, 2023. Whereas the risk actor has stated that the information was collected from numerous sources, the date of Might 30, 2023, coincides with the MOVEit information theft assaults that occurred over the lengthy US Memorial Day vacation.

The information leaked for every of the twenty-five corporations is comparable, so it’s believed that the information was stolen from a single vendor throughout these assaults and has now been launched as separate information units for the impacted prospects.

The information-theft assaults leveraged a zero-day security flaw within the MOVEit Switch safe file switch platform, a managed file switch (MFT) answer utilized in enterprise environments to securely switch information between enterprise companions and prospects.

The cybercrime gang started extorting victims in June 2023, exposing their names on the group’s darkish internet leak web site.

The fallout from these assaults impacted a whole lot of organizations worldwide, with tens of hundreds of thousands of individuals having their information stolen and utilized in extortion schemes or leaked on-line since then

A number of U.S. federal companies and two U.S. Division of Power (DOE) entities have additionally been focused and breached in these assaults