Amazon acknowledges employee information was stolen in 2023 security breach
On November 11, 2024, Amazon acknowledged that employee information and other data had been leaked due to a security flaw in MOVEit Transfer, a business service that uses SFTP and HTTP protocols for file transfers.
Amazon confirms employee data stolen after hacker claims MOVEit breach | TechCrunch
Amazon confirms employee data breach, but says it's limited to contact info - The Verge
https://www.theverge.com/2024/11/11/24293817/amazon-employee-emails-phone-numbers-moveit-data-breach
Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald's, HSBC, HP, and Potentially 1000+ Other Companies | InfoStealers
https://www.infostealers.com/article/massive-moveit-vulnerability-breach-hacker-leaks-employee-data-from-amazon-mcdonalds-hsbc-hp-and-potentially-1000-other-companies/
In May 2023, a high-severity zero-day vulnerability called ' CVE-2023-34362 ' that could lead to remote code execution was discovered in the file transfer service MOVEit Transfer. To date, there have been cases where CVE-2023-34362 has been exploited to threaten hundreds of companies with the threat of 'exposing confidential information,' and the personal information of approximately 6,800 employees and former employees of Sony Interactive Entertainment (SIE) has been leaked.
Sony admits that data of about 6,800 employees was leaked in a security breach - GIGAZINE
In addition, a threat actor known as 'Nam3L3ss' published employee information of 25 companies that he had obtained by exploiting CVE-2023-34362 on the hacking site 'BreachForums' in November 2024. This included more than 2.8 million rows of data in total, including Amazon, MetLife, HP, Delta Airlines, Lenovo, and McDonald's.
The information leaked from Amazon includes employees' personal names, affiliations, work phone numbers, and company email addresses as of May 2023. InfoStealers, an overseas media outlet, warned that 'sensitive information about roles and departments in organizations has also been revealed, which could lead to social engineering and other security threats.'
Adam Montgomery, a spokesman for Amazon, confirmed that employee information had been leaked, saying, 'Amazon and AWS systems remain secure and we have not experienced any security incidents, including data leaks, to date. Third-party vendors, including MOVEit Transfer, do not have access to sensitive data, such as Social Security numbers or financial information.' Montgomery did not disclose the number of employees affected.
However, Nam3L3ss claims, 'What I have released so far is less than 0.001% of the data I have obtained. I have more than 1,000 more to release in the future, which is unprecedented.' 'Everyone, please be careful. This time I only released company employee lists, but some sites contained organizational structures and other files were also stored.'
Related Posts:
in Security, Posted by log1r_ut