Amazon Employee Data Breached in MOVEit Attack Fallout: Over 2.8 Million Records Leaked by Hackers

Amazon has confirmed an employee data breach following the massive MOVEit cyberattacks, after threat actor "Nam3L3ss" leaked over 2.8 million lines of employee data, including contact details and office locations, stolen through a third-party vendor. This attack is part of a larger breach that has impacted dozens of global companies through a vendor exploit.

  • Breach Confirmation: Amazon verifies a leak of employee contact information, stolen through a third-party vendor affected in the May MOVEit attacks.

  • Sensitive Data Protection: Amazon reports no sensitive data like Social Security numbers or financial details were exposed.
  • Scope of Impact: The threat actor claims additional leaks involving companies like Lenovo, HP, Delta, and Metlife, totaling over 25 impacted organizations.
  • Technique and Vulnerability: Clop ransomware gang exploited a zero-day vulnerability in MOVEit’s secure transfer platform, leading to extensive data exfiltration and subsequent leaks.
  • Global Fallout: MOVEit breaches affected hundreds of organizations and millions of people worldwide, with ongoing consequences for corporate and government entities.

The Amazon breach underscores the risks associated with third-party vendor security and the ongoing repercussions of the MOVEit data theft campaign. As attackers leverage vulnerabilities in secure transfer solutions, businesses must prioritize resilient vendor management and proactive security to protect sensitive data.