Amazon has acknowledged a hacking incident involving a third-party vendor that compromised employee data. The breach exposed work email addresses, phone numbers, and building locations of affected employees.
While Amazon's core systems remain secure, the company emphasized that the incident occurred at a vendor responsible for property management services. The vendor, which remains unnamed, has reportedly addressed the security vulnerability that led to the data breach.
What Amazon said
In a statement given to TechCrunch, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. “Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Montgomery said.
Amazon, however, declined to say how many employees were impacted by the breach.
The confirmation follows claims by a threat actor known as "Nam3L3ss" who has been leaking data stolen from various organizations, including Amazon. The data, allegedly obtained through the massive MOVEit Transfer exploit in 2023, has been shared on the notorious hacking forum BreachForums.
What is MOVEit
The MOVEit hacking, one of the largest cyberattacks of 2023, exploited a zero-day vulnerability in Progress Software's file transfer application. This vulnerability allowed malicious actors to gain unauthorized access to sensitive data from numerous organizations worldwide.
In addition to Amazon, other high-profile companies such as Lenovo, HP, TIAA, BT, Schwab, HSBC, Delta, McDonald's, and Metlife have been impacted by the MOVEit breach or other data exposure incidents.
While Amazon's core systems remain secure, the company emphasized that the incident occurred at a vendor responsible for property management services. The vendor, which remains unnamed, has reportedly addressed the security vulnerability that led to the data breach.
What Amazon said
In a statement given to TechCrunch, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. “Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Montgomery said.
Amazon, however, declined to say how many employees were impacted by the breach.
The confirmation follows claims by a threat actor known as "Nam3L3ss" who has been leaking data stolen from various organizations, including Amazon. The data, allegedly obtained through the massive MOVEit Transfer exploit in 2023, has been shared on the notorious hacking forum BreachForums.
What is MOVEit
The MOVEit hacking, one of the largest cyberattacks of 2023, exploited a zero-day vulnerability in Progress Software's file transfer application. This vulnerability allowed malicious actors to gain unauthorized access to sensitive data from numerous organizations worldwide.
In addition to Amazon, other high-profile companies such as Lenovo, HP, TIAA, BT, Schwab, HSBC, Delta, McDonald's, and Metlife have been impacted by the MOVEit breach or other data exposure incidents.
You may also like
Test Match: India's transition jigsaw - A work in progress
How a village girl's robot for farmers won her a ₹72 lakh job offer at Rolls-Royce's jet division
Liverpool 'considered' Marcus Rashford in shock move as six Isak alternatives emerge
EastEnders viewers in shock as BBC soap airs crude joke pre-watershed
Gregg Wallace's cryptic comment hours before John Torode axed from MasterChef
