Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

Over 5 million records from 25 organizations posted to black hat forum

by · The Register

Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.

"Amazon and AWS systems remain secure, and we have not experienced a security event," a spokesperson told The Register. "We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations."

The stolen data was noted by cybercrime intelligence company Hudson Rock, which detailed that it was related to CVE-2023-34362, a critical vulnerability discovered mid-2023 in file transfer software MOVEit. The CVE allowed hackers to bypass authentication to access the data.

Hudson Rock referred to the CVE as "one of the most substantial leaks of corporate information last year."

"The directories contain detailed employee information, including names, email addresses, phone numbers, cost center codes, and, in some cases, entire organizational structures," it wrote.

That level of detail, claimed the firm, could open doors for social engineering and other security threats.

Although many companies were listed as being affected, including HP, Applied Materials, 3M, Lenovo, British Telecom, and more, Amazon was named as having the most exposed records – over 2.86 million of the more than 5 million records.

Some of that data is being auctioned and/or distributed by a character going by Nam3L3ss on BreachForums.

"I have 1,000 releases coming never seen before," Nam3L3ss is claimed to have told Hudson Rock. In communication with the security company, Nam3L3ss professed not to be a hacker.

This may be because the MOVEit vulnerability was identified as originally hacked by the Cl0p ransomware group, even though the data now being offered on BreachForums by Nam3L3ss was not involved in a previous leak. ®

Schneider Electric ransomware crew demands $125k paid in baguettesHellcat crew claimed to have gained access via the company's Atlassian Jira systemJessica Lyons, 05 Nov 2024China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacksAlleged intrusion spotted in JuneJessica Lyons, 06 Nov 2024US government hit by Russia's Clop in MOVEit mass attackCISA chief tells us exploitation 'largely opportunistic', not on same level of SolarWindsJessica Lyons Hardcastle, 15 Jun 2023White House report dishes deets on all 11 major government breaches from 2023The MOVEit breach and ransomware weren’t kind to the Feds last yearConnor Jones, 12 Jun 2024