The MOVEit breach was one of the biggest breaches of 2023. Cl0p threat actors exploited vulnerabilities in the file transfer software and exfiltrated massive amounts of data from entities in all sectors. Now data from Amazon and almost three dozen other MOVEit victim entities is being leaked on BreachForums by a forum user calling themself “Nam3l3ss.”
ITPro reports:
An Amazon spokesperson told ITPro its internal systems remain secure, insisting the incident was isolated to one of its third-party property management systems.
“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.”
The leak reportedly only affects Amazon employee data and only their work data and work location — not their personal information.
Nam3L3ss claims to have over 2.8 million records stolen from Amazon in particular, as well as half a million taken from life insurance company MetLife.
The total number of records published in the initial release was nearly five million lines of data, affecting 25 large organizations.
Read more at ITPro.