Amazon confirms employee data was stolen after a hacker claimed a MOVEit breach


Amazon has confirmed that employee data was compromised after a “security incident” at a third-party vendor.

In a statement provided to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that employee information was involved in the data breach.

“Amazon and AWS systems remain secure, and we have not experienced a security incident. We have been notified of a security event at one of our property management vendors that has affected many of its customers including Amazon. The only Amazon information involved is employees’ work contact information,” Montgomery said. This includes, for example, work email addresses, office phone numbers, and construction sites.

Amazon declined to specify how many employees were affected by the breach. Montgomery noted that the unnamed third-party vendor does not have access to sensitive data such as Social Security numbers or financial information, and said that the vendor has fixed the security vulnerability responsible for the data breach.

This confirmation comes after a threat actor claimed to have posted data stolen from Amazon on the notorious hacking site BreachForums. This person claims to have more than 2.8 million lines of data, which they say was stolen during the mass exploitation of MOVEit Transfer last year.

The threat actor, operating under the alias “Nam3L3ss,” claims to have posted data that was allegedly stolen from 25 major organizations, cybersecurity firm Hudson Rock reports.

“What I have seen so far is less than 0.001% of the data I have,” the threat actor claims. “I have 1,000 versions that have never been seen before.”

TechCrunch has contacted other organizations listed by the threat actor but has not yet received any further responses.

The MOVEit hack, which saw attackers exploit a zero-day vulnerability in Progress Software’s file transfer software, was the biggest hack of 2023.

These breaches, claimed by the notorious Clop ransomware and extortion gang, affected more than 1,000 organizations, including the Oregon Department of Transportation (3.5 million records stolen), the Colorado Department of Health Care Policy and Financing (four million) and US government services contracting giant Maximus (11 million).
