Page Loader
Summarize
Amazon hit by data breach, contact details of employees exposed
The leaked data includes email addresses and phone numbers

Amazon hit by data breach, contact details of employees exposed

Nov 12, 2024
09:46 am

What's the story

Amazon has confirmed a data breach that exposed its employees' contact information. The leaked data includes phone numbers, email addresses, and building locations associated with Amazon's workforce. The breach was first reported by 404 Media and later confirmed by an Amazon spokesperson, Adam Montgomery. He said the company was "notified about a security event at one of our property management vendors that impacted several of its customers, including Amazon."

Vulnerability

Breach traced back to 3rd-party vendor's security flaw

The data breach was linked to a critical security flaw in the MOVEit file transfer system of a third-party property management vendor. The vulnerability, which was first detected in May 2023, has impacted several other companies like the BBC, British Airways, Sony, and the US Department of Energy. The leaked data was allegedly shared on a hacking forum by someone who claimed it is "just a tiny portion of the data they have."

Security

Amazon's systems remain secure

Despite the breach, Montgomery assured that "Amazon and AWS systems remain secure, and we have not experienced a security event." The extent of the breach remains uncertain with a screenshot from the hacking forum post, showing over 2.8 million lines in the alleged Amazon dataset.

Safety

No sensitive personal or financial data compromised

Montgomery confirmed that the breach did not include any sensitive personal or financial data like social security numbers, any government identity documents, or financial information. The threat actor behind the breach, who goes by the alias "Nam3L3ss," claimed to have published data allegedly stolen from 25 major organizations including MetLife, HSBC, HP, as well as Canada Post.