Amazon has confirmed that worker information was compromised after a “security event” at a third-party vendor.
In a press release given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that worker info had been concerned in an information breach.
“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Montgomery stated.
Amazon declined to say what number of workers had been impacted by the breach. It famous that the unnamed third-party vendor doesn’t have entry to delicate information reminiscent of Social Security numbers or monetary info and stated the seller had fastened the safety vulnerability accountable for the information breach.
The affirmation comes after a risk actor claimed to have printed information stolen from Amazon on infamous hacking website BreachForums. The particular person claims to have greater than 2.eight million strains of knowledge, which they are saying was stolen throughout final yr’s mass-exploitation of MOVEit Transfer.
The risk actor, working beneath the alias “Nam3L3ss” claims to have printed information allegedly stolen from 25 main organizations, cybersecurity agency Hudson Rock studies.
“What you have seen so far is less than .001% of the data I have,” the risk actor claims. “I have 1,000 releases coming never seen before.”
TechCrunch has contacted the opposite organizations listed by the risk actor however has not but obtained any additional responses.
The MOVEit breach, which noticed attackers exploit a zero-day vulnerability in Progress Software’s file-transfer software program, was the largest hack of 2023.
These hacks, which had been claimed by the infamous Clop ransomware and extortion gang, impacted greater than 1,000 organisations, together with the Oregon Department of Transportation (3.5 million data stolen), the Colorado Department of Health Care Policy and Financing (4 million) and U.S. authorities providers contracting big Maximus (11 million).