On Monday, Amazon confirmed that employee data had been compromised in a data breach at a third-party vendor. The breach has been associated with the May 2023 MOVEit data breach.
A spokesperson from Amazon, Adam Montgomery, told TechCrunch that employee information had been involved in a data breach. However, he clarified that Amazon and AWS systems remain secure.
He described it as a “security event” which occurred at a third-party vendor, not at Amazon or AWS.
“We have not experienced a security event,” said Montgomery. “We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.”
The exposed Amazon employee information appears to consist of work contact information: work email addresses, desk phone numbers, and building locations.
The exact number of victims of the data breach remains unknown. Amazon has not confirmed how many employees' information was actually affected.
However, a user named Dark Web Informer posted on X (formerly Twitter) that a threat actor named Nam3L3ss has allegedly leaked 2,861,111 lines of Amazon employee data.
The tech giant asserted that highly sensitive data such as employees' Social Security numbers or financial information was not impacted by the breach.
This is because the third-party vendor who experienced the data breach didn’t have access to such sensitive information.
Amazon added that the vendor had remedied the security vulnerabilities that brought about the data breach.
‘1,000 releases coming never seen before’
A threat actor named Nam3L3ss allegedly leaked over 2.8 million lines of Amazon employee data on a hacking forum called BreachForums.
This Amazon employee data was stolen from a third-party vendor. Nam3L3ss also claimed to have stolen this data as part of the MOVEit data breach.
Cybercriminals exploited a vulnerability in Progress Software’s MOVEit file transfer app in the May 2023 data breach. This data breach was described as the biggest hack of 2023.
This app was used by thousands of organisations worldwide whose employees' information was submitted to the app. The data breach compromised customer and/or employee personal data.
According to Bleeping Computer, Nam3L3ss not only targeted Amazon employee information but has also leaked data from 25 other companies.
“What you have seen so far is less than .001% of the data I have,” the hacker claimed. “I have 1,000 releases coming never seen before.”
The threat actor noted that some of the data was obtained from other sources, including ransomware gangs’ leak sites and exposed AWS and Azure buckets.
"I download entire databases from exposed web sources including MySQL, postgres, SQL Server databases and backups, Azure databases and backups etc and then convert them to CSV or other format," Nam3L3ss added.
"DO NOT ask me for access to my storage etc, at present, I have well over 250TB of archived database files etc."
After the data was stolen, the hacker exposed information about the attack on a hacking forum, implicating companies such as Lenovo, HP, TIAA, Schwab, HSBC, Delta, McDonald's, and MetLife.
While there may be other companies affected by this breach that have not yet been publicly identified, these are the ones currently known to have had their data leaked.
MOVEit Data Breach
The massive data breach that occurred in May 2023 affected a large number of organizations. This incident, often referred to as the MOVEit Data Breach, took place over the US Memorial Day holiday weekend, beginning on May 27, 2023.
A cyber gang called Clop carried out a series of ransomware attacks that coincided with the Nam3L3ss hacking event. The threat actor claimed to have obtained the data from various sources on May 30, 2023.
The ransomware gang has been known since 2019 but rose to prominence in 2023 for exploiting critical vulnerabilities in Progress Software’s MOVEit, a widely used managed file transfer (MFT) platform.
This platform was widely used by business partners and their customers to transfer files safely. But the ransomware gang exploited a zero-day security flaw in it, leading to the biggest data breach in 2023.
This attack allegedly affected over 2,700 organisations and 62 million people worldwide.
EM360Tech reported that the cost of the MOVEit incident stands at around $9.9 million. However, considering not all victims have reported the number of individuals impacted, the potential cost could continue to rise to as much as $65 million.
Clop stole data from various types of organizations, from financial institutions and government agencies to healthcare providers.
It seems that several U.S. federal agencies and two of the U.S. Department of Energy (DOE) bodies were targeted and breached as part of the cyber attacks.
According to Bleeping Computer, Clop has been extorting victims since June 2023, including by exposing their names on the group’s dark web leak site.