E-commerce behemoth Amazon has confirmed that some of its employee data was compromised due to a security breach involving a third-party vendor. According to Amazon, the breach affected work-related contact information, including employee email addresses, desk phone numbers, and building locations.
“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Adam Montgomery, a spokesperson for the company, commented on the matter. No sensitive personal data, such as Social Security numbers or financial information, was exposed in the latest security breach, as the information was never accessible to the third-party vendor.
The exact number of employees affected by the latest security breach has not been disclosed by Amazon, though reports state that 2,861,111 lines of data belonging to Amazon were leaked.
From the looks of it, the newest data breach can trace its roots back to the 2023 MOVEit Transfer vulnerability (CVE-2023-34362), a critical flaw in Progress Software’s managed file transfer service that was first exploited in May 2023. At that time, this allowed threat actors to bypass bypass authentication protocols through an SQL injection flaw, potentially granting unauthorized access to MOVEit Transfer databases. MOVEit Transfer is widely used by government agencies and private enterprises across the globe, and the threat actors exploited the flaw to carry out supply chain attacks that impacted over 1,000 organizations worldwide. At that time, the Clop ransomware gang claimed responsibility for many of these attacks.
For now, the threat actor known as “Nam3L3ss” has claimed responsibility for leaking Amazon’s data on BreachForums, which is a popular hacking forum. Nam3L3ss is not a newcomer in the global cybercrime community, and is known for extracting data from organizations via ransomware incidents or unauthorized access to exposed databases. The hacking forum itself was launched two years ago and since then, has served as a successor to RaidForums.
In this case, Nam3L3ss shared over 2.8 million records of Amazon employee information, alongside data from more than 25 other organizations, and stated that the data from Amazon represents only a fraction of what they have collected, and over 250 terabytes of archived information has been collected from various sources. It further claimed that it has managed to download “entire databases from exposed web sources including mysql, postgres, SQL Server databases and backups, azure databases and backups etc.” It has already leaked 25 CSV datasets of companies. This includes Amazon, HSBC, Cardinal Health, and, Delta Airlines, to name some. “Such data could serve as a goldmine for cyber criminals seeking to engage in phishing, identity theft, or even social engineering attacks on a large scale,” cybersecurity firm Hudson Rock commented on the matter.