Key Takeaways
- Amazon acknowledges that a third-party vendor may have compromised its employee data.
- The hack took use of a flaw in the MOVEit program.
- According to Amazon, its systems and private information are safe.
Amazon has acknowledged that a data leak has made its employees’ work-related contact information public.
Employee email addresses, desk phone numbers, and office locations were made public by the hack, which was connected to a security incident at one of Amazon’s third-party property management providers.
According to cybersecurity company Hudson Rock, the attack has been attributed to the hacker collective “Nam3L3ss.” Only a small portion of the more than 2.8 million lines of data that the gang claims to have stolen from 25 well-known companies, including Amazon, have been made public.
Amazon representative Adam Montgomery told TechCrunch that the company’s own systems, such as Amazon Web Services (AWS), were unaffected.
He added that only the data of the third-party vendor was compromised; crucial personal data like bank information or Social Security numbers were not included.
Amazon stated that it has hired cybersecurity specialists to evaluate and reduce any possible risks and is collaborating with the vendor to address the security issue.
MOVEIT Vulnerability Associated with Several High-Profile Incidents
This hack can be linked to a broader cyberattack that took use of a flaw in the well-known file transfer program MOVEit. Among the most catastrophic corporate breaches of the year, the vulnerability was a component of a series of attacks that started in May 2023 and affected organizations such as HSBC, Lenovo, HP, and Delta Airlines.
The most recent data leak adds to a rising number of recent high-profile breaches, such as those that impacted Disney in July and Dell’s 49 million customers in May, and highlights the ongoing cybersecurity issues that big businesses face.
These events remind us of the Mother of All Breaches (MOAB), a previous data breach that we revealed in January. Companies including Twitter, LinkedIn, Adobe, Canva, and Telegram were impacted by MOAB, which allegedly stole over 26 billion user data records.
Amazon has played down the severity of the attack and refused to identify the vendor, although photos purportedly released by the hacker raise the possibility that millions of data records were taken.
