Amazon has confirmed that a data breach at a third-party vendor led to the exposure of employee contact information. The incident, tied to the mass exploitation of the MOVEit Transfer system last year, affected several clients of the unnamed vendor, including Amazon.
According to spokesperson Adam Montgomery, the breach involved work email addresses, desk phone numbers, and building locations for Amazon employees. Montgomery emphasized that Amazon and AWS systems remain secure, with no sensitive information such as Social Security numbers or financial data involved.
The confirmation follows reports by cybercrime firm Hudson Rock that the leaked data includes information from 25 other entities, including MetLife, HP, HSBC, and Canada Post. The breach became public after a threat actor, known as “Nam3L3ss,” claimed on the hacking forum BreachForums that they had extensive data from several organizations. The hacker alleges this is just a small fraction of the total information in their possession, hinting at more potential data releases. A screenshot of the forum post indicated the Amazon dataset contains over 2.8 million lines of employee contact details.
The MOVEit breach, one of the largest hacks of 2023, involved a zero-day vulnerability in Progress Software’s file-transfer solution. The incident compromised more than 1,000 organizations globally, including government and private entities like the BBC, British Airways, Sony, and the U.S. Department of Energy. The notorious Clop ransomware group took responsibility for these breaches, which collectively exposed millions of sensitive records, such as healthcare and transportation data.
Though Amazon declined to reveal the exact number of employees impacted, the company said that the third-party vendor responsible had since resolved the security vulnerability. For Amazon, this breach underscores the potential risks associated with third-party service providers, even as the company’s own systems remain intact.