Amazon has confirmed a security breach involving a third-party vendor, affecting work-related contact information such as email addresses, phone numbers, and building locations.
The company claims that Amazon and AWS systems remain secure, and no sensitive personal data, such as Social Security numbers or financial information, was exposed. The breach affected several customers, including Amazon, and only affected Amazon's work contact information.
The company's spokesperson, Adam Montgomery, stated that Amazon and AWS systems remain secure.
Amazon has disclosed that 2,861,111 lines of data were leaked due to a security breach involving the 2023 MOVEit Transfer vulnerability. The flaw, exploited in May 2023, allowed threat actors to bypass authentication protocols and potentially grant unauthorized access to MOVEit Transfer databases.
The flaw was exploited by the Clop ransomware gang, which claimed responsibility for many of the supply chain attacks that affected over 1,000 organizations worldwide. The exact number of employees affected remains unknown.
Nam3L3ss, a well-known threat actor in the global cybercrime community, has claimed responsibility for leaking Amazon's data on the popular hacking forum, BreachForums.
Nam3L3ss is known for extracting data from organizations through ransomware incidents or unauthorized access to exposed databases.
BreachForums, launched two years ago, serves as a successor to RaidForums.
Nam3L3ss has leaked over 2.8 million records of Amazon employee information and data from over 25 other organizations, including Amazon, HSBC, Cardinal Health, and Delta Airlines.
The data from Amazon is only a fraction of the total collection, with over 250 terabytes of archived information collected from various sources.
The company has also downloaded entire databases from exposed web sources, including MySQL, PostgreSQL, SQL Server, and Azure databases.
Cybersecurity firm Hudson Rock warns that this data could be a valuable resource for cyber criminals.
0 Comments