Amazon says hackers stole employee data from vendor’s servers

Global e-commerce giant Amazon has confirmed that it suffered a data security incident last year after a threat actor claimed that they stole the sensitive personal information of its employees.

 

Recently, a threat actor, going by the name “Nam3L3ss”, claimed that they obtained the personal data of Amazon employees. According to the hacker, the data originated from 2023 MOVEit attack where the Clop ransomware group exploited a zero-day SQL vulnerability in the Moveit Transfer web application.

 

According to a screenshot shared on X, Nam3L3ss published over 2.8 million lines of Amazon employees data, including their names, phone numbers, building locations, email addresses, job titles and more. 

 

 

The threat actor added that they have “obtained additional data from exposed web sources, including databases and backups, totalling over 250TB from companies such as Lenovo, HP, TIAA, HSBC, and Delta.”

 

In a statement shared with the media, Amazon spokesperson Adam Montgomery acknowledged the claims of Nam3L3ss and said that the data was stolen from a third-party service provider’s internal network.

 

“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.

 

“The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Montgomery said.

 

He added that the hacker did not access sensitive data like Social Security numbers, government identification, or financial information as the affected third-party vendor did not have access to the same.

 

Commenting on the news, Kevin Robertson, COO of Acumen Cyber, said, “This leak shows how data makes its way across the dark web, often reappearing in the news long after breaches took place and often in the hands of other attackers.

 

“This latest update serves as a timely reminder for organisations to prioritise their supply chain resilience, because once data is stolen and ends up on the dark web, it rarely goes away.

 

“Always vet the security of suppliers and segregate the network to prevent attacks on suppliers compromising internal data. Furthermore, it’s also important to build out contingency plans to ensure services can remain robust and available even when critical partners are compromised.

 

“If this isn’t possible due to a shortage of skills or internal cyber security personnel, it’s time to look at outsourcing to organisations who are experts in this field,” Robertson added.