CONFERENCE Cyber AI & Automation Summit - NOW LIVE
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Amazon Employee Data Leaked by Hacker

Amazon has confirmed that some employee data was compromised as a result of a MOVEit hack last year.

Amazon

Amazon has confirmed that some employee data was compromised last year, apparently as a result of the massive MOVEit hacking campaign.

A hacker announced on the BreachForums cybercrime forum in recent days that they had obtained Amazon employee information, including names, phone numbers, email addresses,  job titles, and other information related to job role. 

The hacker claimed the data originated from the 2023 MOVEit hack, which involved the exploitation of a zero-day vulnerability in Progress Software’s MOVEit file transfer software to obtain sensitive information from thousands of organizations that had been using the product.

The MOVEit campaign, mostly believed to have been carried out by the Cl0p ransomware group, impacted nearly 2,800 organizations and resulted in the data of nearly 100 million individuals getting compromised. 

In a statement issued on Monday, Amazon confirmed the data breach, but made some important clarifications. 

The company said the data came from a third-party property management vendor — Amazon or AWS systems were not breached. Several of the third-party vendor’s customers were impacted by the incident and Amazon was one of them.

Amazon noted that only employee work contact information was exposed, such as work email addresses, desk phone numbers, and building locations, but other, more sensitive information such as Social Security numbers of financial information was not impacted.

The hacker claims the Amazon employee database has roughly 2.8 million entries, but it’s unclear how many employees are impacted. 

Advertisement. Scroll to continue reading.

The same hacker has also leaked data on several other major companies’ employees, including BT, McDonald’s, Lenovo, Delta Airlines, and HP. The data appears to be the result of the same MOVEit hack impacting the same real estate services company that stored Amazon employee data. 

Related: Wisconsin Insurer Discloses Data Breach Impacting 950,000 Individuals

Related: Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers

Related: Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Video platform Vimeo has appointed Ryan Weeks as Chief Information Security Officer.

LPL Financial has welcomed Renana Friedlich as Chief Information Security Officer.

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.