Amazon has confirmed that employee data was compromised after a “security issue” at a third-party seller.
The company confirmed that a hacker stole the data of the company’s employees by exploiting a vulnerability in the MOVEit Transfer platform, a software used to provide secure file transfer between large organizations. This cyberattack is linked to the MOVEit vulnerability in June 2023 and was carried out by the hacker nicknamed “Nam3L3ss”.
This software uses mechanisms such as encryption, authorization and auditing to ensure the security of data. MOVEit is especially preferred in cases where sensitive data must be transmitted securely, but this time it turned out to be the opposite.
Amazon spokesman Adam Montgomery confirmed to TechCrunch on Monday that employee information was involved in a data breach.
“Amazon and AWS systems remain secure and we have not experienced any security incidents,” Montgomery said. “We have been notified of a security incident at one of our property management vendors that has impacted many of its customers, including Amazon. “The only relevant Amazon information, for example, is business email,” Montgomery said. “It was employees’ business contact information such as addresses, desk phone numbers and building locations.”
Amazon did not disclose how many employees were affected by the breach. The unnamed third party stated that the vendor did not have access to sensitive data such as Social Security numbers or financial information and stated that the vendor had patched the vulnerability responsible for the data breach.
Amazon stated that this breach only involved employees’ work contact information. Stolen data included email addresses, desk phone numbers and building locations. Amazon emphasized that this breach did not involve sensitive data such as social security numbers or financial information.
The vulnerability in the MOVEit Transfer platform revealed that the software had a critical error during file transfer. This vulnerability allowed hackers to gain unauthorized access to file systems.
Amazon announced that it quickly took precautions following the breach and notified affected employees. The company stated that they attach great importance to data security and have taken the necessary steps to prevent similar incidents from occurring again.
The hacker known as “Nam3L3ss” published some of the stolen data on a famous hacking forum called BreachForums. Such attacks remind us once again that even large technology companies must always be vigilant against cybersecurity threats.
What do you think?