Amazon confirms employee data stolen after hacker claims MOVEit breach

Date:

Share post:


Amazon has confirmed that employee data was compromised after a “security event” at a third-party vendor.

In a statement given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach.

“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Montgomery said.

Amazon declined to say how many employees were impacted by the breach. It noted that the unnamed third-party vendor doesn’t have access to sensitive data such as Social Security numbers or financial information and said the vendor had fixed the security vulnerability responsible for the data breach.

The confirmation comes after a threat actor claimed to have published data stolen from Amazon on notorious hacking site BreachForums. The individual claims to have more than 2.8 million lines of data, which they say was stolen during last year’s mass-exploitation of MOVEit Transfer.

The threat actor, operating under the alias “Nam3L3ss” claims to have published data allegedly stolen from 25 major organizations, cybersecurity firm Hudson Rock reports.  

“What you have seen so far is less than .001% of the data I have,” the threat actor claims. “I have 1,000 releases coming never seen before.”

TechCrunch has contacted the other organizations listed by the threat actor but has not yet received any further responses. 

The MOVEit breach, which saw attackers exploit a zero-day vulnerability in Progress Software’s file-transfer software, was the biggest hack of 2023. 

These hacks, which were claimed by the notorious Clop ransomware and extortion gang, impacted more than 1,000 organisations, including the Oregon Department of Transportation (3.5 million records stolen), the Colorado Department of Health Care Policy and Financing (four million) and U.S. government services contracting giant Maximus (11 million).



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

Snapchat will soon be able to alert parents when their teen leaves or arrives at certain locations

Snapchat is bringing enhanced location sharing to Family Center, its parental controls hub, the company announced Thursday. Users...

PayPal once again lets you pool money from others to pay for things together

PayPal is launching a few features that let users in groups pool money with friends or family,...

US confirms China-backed hackers breached telecom providers to steal wiretap data

The U.S. government has confirmed that hackers with links to China breached multiple U.S. telecommunication service providers...

Tessl raises $125M at at $500M+ valuation to build AI that writes and maintains code

Many startups and larger tech companies have taken a crack at building artificial intelligence to code software....

Atlas.co wants its web-based mapping tool to be the Figma of geospatial data

Startup inspiration can strike anywhere. But for Atlas.co*, a freemium browser-based, real-time mapping tool that’s being built...

ePlane looks to ride the Indian government’s interest in air taxis with new $14M round

Soaring private vehicle ownership and declining use of public and non-motorized transport have created mounting traffic congestion...

Apple faces UK ‘iCloud monopoly’ compensation claim worth $3.8 billion

U.K. consumer rights group ‘Which?’ is filing a legal claim against Apple under competition law on behalf...

What’s DOGE? Musk’s new political appointment under Trump is a crypto joke

President-elect Donald Trump announced on Tuesday that one of his top donors, Elon Musk, will co-lead the...