Amazon Admits Data Breach as Latest MOVEit Scandal Victim

Employee locations, email addresses and phone numbers have been leaked, Amazon has admitted.

Employee locations, email addresses and phone numbers have been leaked, Amazon has admitted.

The breached data relates back to a massive attack when hackers exploited a zero-day vulnerability in Progress Software’s MOVEit file transfer app.

Amazon now joins a long list of companies who were impacted by the attack by Russian ransomware gang, Clop.

Amazon Data Breach

In a statement to The Verge, Amazon spokesperson Adam Montgomery said: “The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.”

He added the assurance that “Amazon and AWS systems remain secure, and we have not experienced a security event.”

 

About Tech.co Video Thumbnail Showing Lead Writer Conor Cawley Smiling Next to Tech.co LogoThis just in! View
the top business tech deals for 2024 👨‍💻
See the list button

A screenshot from a hacking forum post appears to show more than 2.8 million lines of Amazon’s dataset. However, Amazon maintains that no sensitive data has been breached.

The breach dates back to May last year, when hackers got access to databases after a vulnerability exposed some of MOVEit’s servers.

As more and more victims came forward, the hackers issuing an ultimatum from its victims that it would expose the data online unless they made contact with Clop in June of last year.

Which Other Companies were Impacted by Clop Breach?

The companies affected included the BBC, British Airways and Nova Scotia’s government; and payroll data was in among the information stolen. Clop claimed that it actually had data from hundreds of companies in total though details are being released slowly as Clop released lists and experts trawled through the massive datasets.

Amazon is the latest addition to this list along with 25 others according to a report from the cybercrime firm Hudson Rock. MetLife, HP, HSBC, and Canada Post are also now said to be among the companies impacted now too.

As well as data relating to Amazon,  the image recently posted by a hacker named Nam3l3ss on a popular hacking forum also suggests they have access to employee data from other major corporations, such as HSBC and McDonalds, as well as the staff roster of the LAPD, including those undercover.

The US Cybersecurity and Infrastructure Security Agency (CISA issued a security advisory about a MOVEit software vulnerability on June 1. It has now published “migration steps” for MOVEit customers as well as advice going forward.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Katie has been a journalist for more than twenty years. At 18 years old, she started her career at the world's oldest photography magazine before joining the launch team at Wired magazine as News Editor. After a spell in Hong Kong writing for Cathay Pacific's inflight magazine about the Asian startup scene, she is now back in the UK. Writing from Sussex, she covers everything from nature restoration to data science for a beautiful array of magazines and websites.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals