Credit - Amazon
Employee information data was allegedly stolen by MOVEit attack Amazon confirmed a data breach.
The person responsible for the Employee Data Breach, called Nam3L3ss,
Shared more than 2.8 million lines of information about Amazon employees. This included names, contact details, building locations, email addresses, and other information. Amazon spokesperson Adam Montgomery confirmed what Nam3L3ss said. He added that this data was stolen from the systems of a third-party service provider.
“Amazon and AWS systems are secure, and we have had no security issues. We were notified of a security issue at one of our property management vendors that impacted a number of its customers, including Amazon,” Montgomery said.
The work contact information of employees, such as work email addresses, desk phone numbers, and building locations was only Amazon information in the leak.
The company said the breached vendor was only authorized to access employee contact information. The attackers didn’t access or steal sensitive information, including Social Security numbers, government IDs, or financial details. Amazon also said that the vendor has fixed the security problem that was used in the attack.
Nam3L3ss has leaked data from twenty-five other companies, though they say some of the data came from other sources, such as ransom gangs’ leak sites and exposed AWS and Azure buckets.
“I download entire databases from open web sources like mysql, postgres, SQL Server databases and backups, azure databases and backups, and then convert them to csv or another format,” they wrote.
