Amazon hit by data breach, contact details of employees exposed
What's the story
Amazon has confirmed a data breach that exposed its employees' contact information. The leaked data includes phone numbers, email addresses, and building locations associated with Amazon's workforce. The breach was first reported by 404 Media and later confirmed by an Amazon spokesperson, Adam Montgomery. He said the company was "notified about a security event at one of our property management vendors that impacted several of its customers, including Amazon."
Vulnerability
Breach traced back to 3rd-party vendor's security flaw
The data breach was linked to a critical security flaw in the MOVEit file transfer system of a third-party property management vendor. The vulnerability, which was first detected in May 2023, has impacted several other companies like the BBC, British Airways, Sony, and the US Department of Energy. The leaked data was allegedly shared on a hacking forum by someone who claimed it is "just a tiny portion of the data they have."
Security
Amazon's systems remain secure
Despite the breach, Montgomery assured that "Amazon and AWS systems remain secure, and we have not experienced a security event." The extent of the breach remains uncertain with a screenshot from the hacking forum post, showing over 2.8 million lines in the alleged Amazon dataset.
Safety
No sensitive personal or financial data compromised
Montgomery confirmed that the breach did not include any sensitive personal or financial data like social security numbers, any government identity documents, or financial information. The threat actor behind the breach, who goes by the alias "Nam3L3ss," claimed to have published data allegedly stolen from 25 major organizations including MetLife, HSBC, HP, as well as Canada Post.