Security

Cyber-crime

Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

Over 5 million records from 25 organizations posted to black hat forum


Amazon employees' data is part of a stolen trove posted to a cybercrime forum linked to last year's MOVEit vulnerability.

"Amazon and AWS systems remain secure, and we have not experienced a security event," a spokesperson told The Register. "We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations."

The stolen data was noted by cybercrime intelligence company Hudson Rock, which detailed that it was related to CVE-2023-34362, a critical vulnerability discovered mid-2023 in file transfer software MOVEit. The CVE allowed hackers to bypass authentication to access the data.

Hudson Rock referred to the CVE as "one of the most substantial leaks of corporate information last year."

"The directories contain detailed employee information, including names, email addresses, phone numbers, cost center codes, and, in some cases, entire organizational structures," it wrote.

That level of detail, claimed the firm, could open doors for social engineering and other security threats.

Although many companies were listed as being affected, including HP, Applied Materials, 3M, Lenovo, British Telecom, and more, Amazon was named as having the most exposed records – over 2.86 million of the more than 5 million records.

Some of that data is being auctioned and/or distributed by a character going by Nam3L3ss on BreachForums.

"I have 1,000 releases coming never seen before," Nam3L3ss is claimed to have told Hudson Rock. In communication with the security company, Nam3L3ss professed not to be a hacker.

This may be because the MOVEit vulnerability was identified as originally hacked by the Cl0p ransomware group, even though the data now being offered on BreachForums by Nam3L3ss was not involved in a previous leak. ®

Send us news
2 Comments

AWS unveils cloud security IR service for a mere $7K a month

Tap into the infinite scalability... of pricing

Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket

ShinyHunters-linked heist thought to have been ongoing since March

AI and analytics converge in new generation Amazon SageMaker

Calling everything SageMaker is confusing – but a new name would have been worse says AWS

Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility

But can you really take crims at their word?

AWS now renting monster HPE servers, even in clusters of 7,680-vCPUs and 128TB

Heir to Superdome goes cloudy for those who run large in-memory databases and apps that need them

UK ICO not happy with Google's plans to allow device fingerprinting

Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more

Critical security hole in Apache Struts under exploit

You applied the patch that could stop possible RCE attacks last week, right?

BlackBerry offloads Cylance's endpoint security products to Arctic Wolf

Fresh attempt to mix the perfect cocktail of IoT and Infosec

AWS says AI could disrupt everything – and hopes it will do just that to Windows

Cloud colossus reckons it can clarify hallucinations, get your apps off Microsoft's OS at pleasing speed

US reportedly mulls TP-Link router ban over national security risk

It could end up like Huawei -Trump's gonna get ya, get ya, get ya

Taiwan in talks to tap Amazon's Project Kuiper space broadband

In case of submarine cable failure, call Jeff Bezos

How Androxgh0st rose from Mozi's ashes to become 'most prevalent malware'

Botnet's operators 'driven by similar interests as that of the Chinese state'