Amazon has acknowledged a hacking incident involving a third-party vendor that compromised employee data. The breach exposed work email addresses, phone numbers, and building locations of affected employees.
While Amazon's core systems remain secure, the company emphasized that the incident occurred at a vendor responsible for property management services. The vendor, which remains unnamed, has reportedly addressed the security vulnerability that led to the data breach.
What Amazon said
In a statement given to TechCrunch, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. “Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Montgomery said.
Amazon, however, declined to say how many employees were impacted by the breach.
The confirmation follows claims by a threat actor known as "Nam3L3ss" who has been leaking data stolen from various organizations, including Amazon. The data, allegedly obtained through the massive MOVEit Transfer exploit in 2023, has been shared on the notorious hacking forum BreachForums.
What is MOVEit
The MOVEit hacking, one of the largest cyberattacks of 2023, exploited a zero-day vulnerability in Progress Software's file transfer application. This vulnerability allowed malicious actors to gain unauthorized access to sensitive data from numerous organizations worldwide.
In addition to Amazon, other high-profile companies such as Lenovo, HP, TIAA, BT, Schwab, HSBC, Delta, McDonald's, and Metlife have been impacted by the MOVEit breach or other data exposure incidents.
While Amazon's core systems remain secure, the company emphasized that the incident occurred at a vendor responsible for property management services. The vendor, which remains unnamed, has reportedly addressed the security vulnerability that led to the data breach.
What Amazon said
In a statement given to TechCrunch, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. “Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Montgomery said.
Amazon, however, declined to say how many employees were impacted by the breach.
The confirmation follows claims by a threat actor known as "Nam3L3ss" who has been leaking data stolen from various organizations, including Amazon. The data, allegedly obtained through the massive MOVEit Transfer exploit in 2023, has been shared on the notorious hacking forum BreachForums.
What is MOVEit
The MOVEit hacking, one of the largest cyberattacks of 2023, exploited a zero-day vulnerability in Progress Software's file transfer application. This vulnerability allowed malicious actors to gain unauthorized access to sensitive data from numerous organizations worldwide.
In addition to Amazon, other high-profile companies such as Lenovo, HP, TIAA, BT, Schwab, HSBC, Delta, McDonald's, and Metlife have been impacted by the MOVEit breach or other data exposure incidents.
You may also like
'Lowering Navy standard just to let women in ... ' Donald Trump's defence secretary Pete Hegseth says women should not be in combat roles
Delhi Police arrests shooter of Tillu Tajpuria gang in Rohini area
Fresh warrant issued against former BJP MP Pragya Thakur
Watch| Donald Trump And Elon Musk Sing 'God Bless America' At Mar-a-Lago
Kareena Kapoor Flaunts Her Curves In Chic Black Archival Look Straight From 2002
