Threat Actor: Nam3L3ss | Nam3L3ss
Victim: Amazon | Amazon
Price: Not disclosed
Exfiltrated Data Type: Employee data
Key Points :
- Data breach exposed employee information allegedly stolen during the May 2023 MOVEit attacks.
- Over 2.8 million records containing names, contact information, building locations, and email addresses were leaked.
- Data did not include Social Security numbers or financial information.
- The breach occurred through a third-party vendor, not directly from Amazon’s systems.
- Amazon confirmed that it has patched the vulnerability exploited in the attack.
- Researchers reported that Nam3L3ss claimed to have leaked data from 25 major organizations.
- MOVEit vulnerability was previously exploited by the CL0P ransomware group.
Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks.
Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. The company said that the data was stolen from a third-party vendor.
Amazon did not disclose the number of impacted employees.
A threat actor using the handle Nam3L3ss leaked over 2.8 million records containing employee data on the hacking forum BreachForums.
Compromised data includes names, contact information, building locations, email addresses, and more. Exposed data did not include Social Security numbers or financial information.
“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Amazon spokesperson Adam Montgomery told TechCrunch.
The multinational technology company confirmed that it has patched the vulnerability explored by the threat actors in the attack.
Researchers from cybersecurity company Hudson Rock, reported that “Nam3L3ss” also claimed the leak of data allegedly stolen from 25 major organizations.
“MOVEit was previously known to have been exploited by CL0P Ransomware group, and while a lot of companies were tied to the exploit, companies in this specific breach such as Amazon, Mcdonald’s and others were not.” reads the report published by Hudson Rock. “Researchers can’t yet confirm whether the data came from CL0P, affiliates of it, or whether Nam3L3ss exploited these companies on their own.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, MOVEit)