Amazon recently confirmed a data breach that exposed work-related details for its employees on a hacking forum. The leaked information included email addresses, desk phone numbers, and building locations, affecting over 2.8 million records. The breach was traced back to a third-party vendor using the MOVEit file transfer system.
The issue arose due to a security flaw in MOVEit, commonly used for secure data transfers. Amazon clarified that no personal data, such as financial or government identification details, was part of the exposed data. Only work contact information was affected, which limited the extent of the breach.
Amazon pointed out that the breach did not originate from its own systems but stemmed from a vendor managing property data. The vendor has since updated its security to fix the vulnerability.
Who Else Was Affected By The MOVEit Data Breach?
Besides Amazon, the MOVEit breach impacted a few other major organisations, including MetLife, HSBC, HP, and Canada Post. Other affected companies, like the BBC, British Airways, and the U.S. Department of Energy, also experienced leaks through the same security flaw.
Cybersecurity firm Hudson Rock reported that data from different organisations was collected and leaked, though the specific information was different across companies. This breach adds to the list of cyberattacks faced by prominent companies this year, raising concerns about vulnerabilities in corporate security systems.
The Clop ransomware group has been linked to the MOVEit breaches. The group reportedly exploited a weakness in the platform to obtain data from multiple companies, launching attacks in late May and taking advantage of gaps in security across industries.
More from News
- Trump Lifts Sanctions in Syria: What Does This Mean For Syrian Businesses?
- Retail Cyber Attacks: Cartier And North Face Are The Next Retailers Affected
- A Look At The Different Technologies Volvo Is Bringing To Its Cars
- Klarna Launches Debit Card To Diversify Away From BNPL
- T-Mobile Now Has Fibre Internet Plans Available For Homes
- Bitdefender Finds 84% of Attacks Use Built In Windows Tools, Here’s How
- Japan Starts Clinical Trials For Artificial Blood Which Is Compatible With All Blood Types
- UK Unicorn Monzo Breaks £1 Billion in Revenue
What Security Issues Allowed The Breach To Happen?
The MOVEit breaches stemmed from a zero-day vulnerability, which allowed hackers to gain unauthorised access. This flaw, previously unknown to the platform’s developers, enabled attackers to retrieve information from various systems.
Progress Software, the company behind MOVEit, responded to the breach after it came to light. The timing—during a holiday period—allowed attackers a chance to access data while security responses were likely slower. Progress Software has since released updates to prevent future breaches.
The MOVEit platform has strengthened its security measures, and companies are now more aware of the risks of relying on widely-used systems with hidden vulnerabilities.
How Has Amazon Taken Action On The Breach?
Amazon confirmed that its own systems, including AWS, were unaffected in this breach. The data leak was limited to work contact details managed by a third-party vendor. Amazon clarified that this vendor did not have access to sensitive employee data, reducing the risk level for affected staff.
Since the breach, Amazon has worked with the vendor to fix the security flaw. Amazon assured employees and the public that its internal systems remain secure. The company has also brought in cybersecurity experts to continue investigating and addressing any other possible risks.
Who Is Behind The Amazon Data Leak?
A hacker known as Nam3L3ss claimed responsibility for the Amazon data leak, sharing the information on a crime-focused forum. Nam3L3ss has reportedly collected large amounts of data from other companies through ransom leaks, exposed databases, and unsecured storage sites.
Nam3L3ss claims to hold over 250 terabytes of data from various corporations, stored in a format that can be easily shared. Alongside Amazon, companies like Lenovo, McDonald’s, and Delta were also affected. This has made them wonder about what other information that could still be released over time.
5 Ways To Protect Employee Data
Companies can protect employee information through a mix of policies, technology tools, and regular training, these 5 ways will help…
Data Access Rules– Set specific rules on who can access employee information, making sure only authorised personnel have permission to view or modify sensitive data.
Multi-Step Authentication– Use authentication methods with multiple verification steps, like biometrics and one-time codes, to add layers of security and prevent unauthorised access.
Data Encryption– Encrypt data during transfer and storage to keep it secure, making it harder for anyone to access even if a breach occurs.
Data Loss Prevention– Apply DLP tools to monitor and control data movement, which helps block unauthorised data sharing outside the company.
Employee Training– Regularly inform employees about safe data practices, helping them recognise actions that could lead to accidental exposure of sensitive information.
