Amazon Employee Data Exposed in MOVEit-Linked Breach
Amazon has confirmed a data breach affecting its employees after a hacker posted stolen data on the dark web. The incident is linked to a cyberattack on the MOVEit platform that occurred in May 2023.
The hacker, known as “Nam3L3ss,” released over 2.8 million lines of data, including employee names, contact details, office locations, and email addresses. According to Amazon spokesperson Adam Montgomery, the information was stolen from the systems of a third-party property management services provider. The breach impacted several of the provider’s clients, including Amazon.
Amazon has not disclosed the exact number of affected employees but emphasized that the contractor did not have access to sensitive information, such as Social Security numbers (SSNs) or financial data. It was also reported that the vendor has since remedied the vulnerability that led to the leak. Amazon said that its own systems, including AWS, remain secure and were not compromised.
Nam3L3ss claims that, in addition to data stolen during the MOVEit attacks, some of the information came from other sources, including open databases and data breaches on extortion sites. The hacker stated he has accumulated over 250 TB of database archives gathered from various internet sources.
Nam3L3ss also claimed to possess data allegedly stolen from 25 major organizations, asserting that the published information represents only a small fraction. The hacker plans to release more than a thousand additional files.
The MOVEit incident is linked to an attack by the Clop group, which since late May 2023 has exploited a zero-day vulnerability in the MOVEit Transfer platform to steal data. MOVEit is used for secure file transfers within corporate environments. The attacks have affected thousands of organizations worldwide and led to the exposure of tens of millions of individuals’ data. Among the victims are large corporations and U.S. government agencies, including the U.S. Department of Energy, Shell, Deutsche Bank, and PwC.