Amazon has confirmed that worker knowledge was compromised after a “safety occasion” at a third-party vendor.
In an announcement given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that worker info had been concerned in an information breach.
“Amazon and AWS programs stay safe, and now we have not skilled a safety occasion. We have been notified a few safety occasion at certainly one of our property administration distributors that impacted a number of of its clients together with Amazon. The one Amazon info concerned was worker work contact info, for instance work electronic mail addresses, desk telephone numbers, and constructing places,” Montgomery mentioned.
Amazon declined to say what number of staff have been impacted by the breach. It famous that the unnamed third-party vendor doesn’t have entry to delicate knowledge equivalent to Social Safety numbers or monetary info and mentioned the seller had fastened the safety vulnerability chargeable for the info breach.
The affirmation comes after a risk actor claimed to have revealed knowledge stolen from Amazon on infamous hacking website BreachForums. The person claims to have greater than 2.8 million strains of knowledge, which they are saying was stolen throughout final 12 months’s mass-exploitation of MOVEit Transfer.
The risk actor, working below the alias “Nam3L3ss” claims to have revealed knowledge allegedly stolen from 25 main organizations, cybersecurity agency Hudson Rock reports.
“What you might have seen up to now is lower than .001% of the info I’ve,” the risk actor claims. “I’ve 1,000 releases coming by no means seen earlier than.”
TechCrunch has contacted the opposite organizations listed by the risk actor however has not but acquired any additional responses.
The MOVEit breach, which noticed attackers exploit a zero-day vulnerability in Progress Software program’s file-transfer software program, was the largest hack of 2023.
These hacks, which have been claimed by the infamous Clop ransomware and extortion gang, impacted greater than 1,000 organisations, together with the Oregon Department of Transportation (3.5 million data stolen), the Colorado Department of Health Care Policy and Financing (4 million) and U.S. government services contracting giant Maximus (11 million).