Close Menu
    Technology

    Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

    By No Comments2 Mins Read
    Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

    Breaking news

    Amazon employees’ data is portion of a stolen trove posted to a cybercrime forum linked to ultimate one year’s MOVEit vulnerability.

    “Amazon and AWS systems remain secure, and we have not experienced a security event,” a spokesperson told The Register. “We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.”

    The stolen data used to be celebrated by cybercrime intelligence firm Hudson Rock, which detailed that it used to be connected to CVE-2023-34362, a severe vulnerability found mid-2023 in file transfer system MOVEit. The CVE allowed hackers to bypass authentication to compile sincere of entry to the data.

    Hudson Rock referred to the CVE as “one of the most substantial leaks of corporate information last year.”

    “The directories contain detailed employee information, including names, email addresses, phone numbers, cost center codes, and, in some cases, entire organizational structures,” it wrote.

    That level of part, claimed the firm, might maybe maybe start doorways for social engineering and assorted safety threats.

    • Schneider Electric ransomware crew demands $125k paid in baguettes
    • China’s Volt Typhoon reportedly breached Singtel in ‘test-fling’ for US telecom assaults
    • US govt hit by Russia’s Clop in MOVEit mass assault
    • White Residence file dishes deets on all 11 main govt breaches from 2023

    Even supposing many corporations had been listed as being affected, including HP, Applied Materials, 3M, Lenovo, British Telecom, and more, Amazon used to be named as having the most exposed data – over 2.86 million of the bigger than 5 million data.

    A few of that data is being auctioned and/or distributed by a character going by Nam3L3ss on BreachForums.

    “I have 1,000 releases coming never seen before,” Nam3L3ss is alleged to gain told Hudson Rock. In communication with the protection firm, Nam3L3ss professed now not to be a hacker.

    This might increasingly be because the MOVEit vulnerability used to be recognized as originally hacked by the Cl0p ransomware community, even supposing the data now being supplied on BreachForums by Nam3L3ss used to be now not involved in a earlier leak. ®

    Read More

    Share.

    Related Posts

    Comments are closed.