Amazon has confirmed that worker knowledge was compromised after a “safety occasion” at a third-party vendor.
In a press release given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that worker data had been concerned in a knowledge breach.
“Amazon and AWS techniques stay safe, and now we have not skilled a safety occasion. We had been notified a few safety occasion at one in all our property administration distributors that impacted a number of of its clients together with Amazon. The one Amazon data concerned was worker work contact data, for instance work e mail addresses, desk cellphone numbers, and constructing places,” Montgomery mentioned.
Amazon declined to say what number of staff had been impacted by the breach. It famous that the unnamed third-party vendor doesn’t have entry to delicate knowledge comparable to Social Safety numbers or monetary data and mentioned the seller had mounted the safety vulnerability liable for the info breach.
The affirmation comes after a risk actor claimed to have printed knowledge stolen from Amazon on infamous hacking website BreachForums. The person claims to have greater than 2.8 million traces of knowledge, which they are saying was stolen throughout final yr’s mass-exploitation of MOVEit Switch.
The risk actor, working below the alias “Nam3L3ss” claims to have printed knowledge allegedly stolen from 25 main organizations, cybersecurity agency Hudson Rock studies.
“What you might have seen thus far is lower than .001% of the info I’ve,” the risk actor claims. “I’ve 1,000 releases coming by no means seen earlier than.”
TechCrunch has contacted the opposite organizations listed by the risk actor however has not but acquired any additional responses.
The MOVEit breach, which noticed attackers exploit a zero-day vulnerability in Progress Software program’s file-transfer software program, was the most important hack of 2023.
These hacks, which had been claimed by the infamous Clop ransomware and extortion gang, impacted greater than 1,000 organisations, together with the Oregon Division of Transportation (3.5 million data stolen), the Colorado Division of Well being Care Coverage and Financing (4 million) and U.S. authorities companies contracting large Maximus (11 million).
