Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum.
The threat actor behind this data leak, known as Nam3L3ss, published over 2.8 million lines of Amazon employee data, including names, contact information, building locations, email addresses, and more.
Amazon spokesperson Adam Montgomery confirmed Nam3L3ss’ claims, adding that this data was stolen from systems belonging to a third-party service provider.
“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon,” Montgomery said.
“The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.”
The company said the breached vendor only had access to employee contact information, and the attackers did not access or steal sensitive employee data like Social Security numbers, government identification, or financial information. Amazon added that the vendor has since patched the security vulnerability used in the attack.

Nam3L3ss has also leaked the data from twenty-five other companies. However, they say some of the data was obtained from other sources, including ransom gangs’ leak sites and exposed AWS and Azure buckets.
“I download entire databases from exposed web sources including mysql, postgres, SQL Server databases and backups, azure databases and backups etc and then convert them to csv or other format,” they said.
“DO NOT ask me for access to my storage etc, at present I have well over 250TB of archived database files etc.”
The list of companies whose data was stolen in MOVEit attacks or harvested from Internet-exposed sources and has now been leaked on the hacking forum includes Lenovo, HP, TIAA, Schwab, HSBC, Delta, McDonald’s, and MetLife, among others (as shown in the table below).
BleepingComputer has contacted several companies and will update this article when more information is available.
Company | Date Stolen | Number of Employees |
Lenovo | 2023-05 | 45,522 |
McDonald’s | 2023-05 | 3,295 |
HP | 2023-05 | 104,119 |
City National Bank | 2023-05 | 9,358 |
BT | 2023-05 | 15,347 |
dsm-firmenich | 2023-05 | 13,248 |
Rush University | 2023-05 | 15,853 |
URBN | 2023-05 | 17,553 |
Westinghouse | 2023-05 | 18,193 |
UBS | 2023-05 | 20,462 |
TIAA | 2023-05 | 23,857 |
OmnicomGroup | 2023-05 | 37,320 |
Bristol-Myers Squibb | 2023-05 | 37,497 |
3M | 2023-05 | 48,630 |
Schwab | 2023-05 | 49,356 |
Leidos | 2023-05 | 52,610 |
Canada Post | 2023-05 | 69,860 |
Amazon | 2023-05 | 2,861,111 |
Delta | 2023-05 | 57,317 |
Applied Materials | 2023-05 | 53,170 |
Cardinal Health | 2023-05 | 407,437 |
US Bank | 2023-05 | 114,076 |
fmr.com | 2023-05 | 124,464 |
HSBC | 2023-05 | 280,693 |
MetLife | 2023-05 | 585,130 |
The MOVEit data-theft attacks
The Clop ransomware gang was behind a wave of data theft attacks starting on May 27, 2023. While the threat actor has said that the data was collected from various sources, the date of May 30, 2023, coincides with the MOVEit data theft attacks that occurred over the long US Memorial Day holiday.
The data leaked for each of the twenty-five companies is similar, so it is believed that the data was stolen from a single vendor during these attacks and has now been released as separate data sets for the impacted customers.
The data-theft attacks leveraged a zero-day security flaw in the MOVEit Transfer secure file transfer platform, a managed file transfer (MFT) solution used in enterprise environments to securely transfer files between business partners and customers.
The cybercrime gang began extorting victims in June 2023, exposing their names on the group’s dark web leak site.
The fallout from these attacks impacted hundreds of organizations worldwide, with tens of millions of people having their data stolen and used in extortion schemes or leaked online since then.
Several U.S. federal agencies and two U.S. Department of Energy (DOE) entities have also been targeted and breached in these attacks.