Amazon discloses employee data breach after May 2023 MOVEit attacks
2024-11-12 06:59:9 Author: securityaffairs.com(查看原文) 阅读量:4 收藏

Amazon discloses employee data breach after May 2023 MOVEit attacks

Pierluigi Paganini November 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks.

Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. The company said that the data was stolen from a third-party vendor.

Amazon did not disclose the number of impacted employees.

A threat actor using the handle Nam3L3ss leaked over 2.8 million records containing employee data on the hacking forum BreachForums.

Amazon data breach

Compromised data includes names, contact information, building locations, email addresses, and more. Exposed data did not include Social Security numbers or financial information.

“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Amazon spokesperson Adam Montgomery told TechCrunch.

The multinational technology company confirmed that it has patched the vulnerability explored by the threat actors in the attack.

It's going to be an interesting couple of days.

Amazon was compromised in May, 2023 via a MoveIT 0day exploit. Based on information we've received, we can confirm the Amazon data is 100% legitimate.

More information: https://t.co/fCQF3Gy3nG

— vx-underground (@vxunderground) November 11, 2024

Researchers from cybersecurity company Hudson Rock, reported that “Nam3L3ss” also claimed the leak of data allegedly stolen from 25 major organizations.

“MOVEit was previously known to have been exploited by CL0P Ransomware group, and while a lot of companies were tied to the exploit, companies in this specific breach such as Amazon, Mcdonald’s and others were not.” reads the report published by Hudson Rock. “Researchers can’t yet confirm whether the data came from CL0P, affiliates of it, or whether Nam3L3ss exploited these companies on their own.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, MOVEit)




文章来源: https://securityaffairs.com/170804/cyber-crime/amazon-employee-data-breach-may-2023-moveit-attacks.html
如有侵权请联系:admin#unsafe.sh