Nam3L3ss vs Giant: Amazon Admits Employee Data Theft

Man

MOVEit has become the Achilles' heel of the corporation.

Amazon confirmed the leak of its employees' data after a hacker published the stolen data on the dark web. The incident is related to an attack on the MOVEit platform that occurred in May 2023.

The hacker "Nam3L3ss" uploaded more than 2.8 million lines of data, including employee names, contact details, office locations, and email addresses. According to Amazon spokesman Adam Montgomery, the information was stolen from the systems of a third-party property management service provider. The incident affected several of the company's customers, including Amazon.

The company did not specify exactly how many employees were affected. At the same time, Amazon stressed that the contractor did not have access to sensitive data such as Social Security Numbers (SSNs) and financial information. The vendor has also reportedly fixed the vulnerability that led to the leak. Amazon gave assurances that the company's systems, including AWS, remain secure and have not been compromised.

Nam3L3ss claims that in addition to the data stolen during the MOVEit attacks, some of the information was obtained from other sources, including open databases and leaks on ransomware sites. The hacker said that at the moment he has accumulated more than 250 TB of archives with databases collected from various Internet resources.

Publishing Amazon Employee Data (BleepingComputer)

Nam3L3ss said he had data allegedly stolen from 25 large organizations and that the information published was only a small part. The hacker plans to release more than a thousand new files.

The MOVEit incident is related to an attack by the Clop group, which has been exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data since the end of May 2023. MOVEit is used for secure file transfers in a corporate environment. The attacks affected thousands of organizations around the world and resulted in data breaches for tens of millions of people. Among those affected are major corporations and U.S. government agencies, including the U.S. Department of Energy, Shell, Deutsche Bank, and PwC.
