Employee locations, email addresses and phone numbers have been leaked, Amazon has admitted.
The breached data relates back to a massive attack when hackers exploited a zero-day vulnerability in Progress Software’s MOVEit file transfer app.
Amazon now joins a long list of companies who were impacted by the attack by Russian ransomware gang, Clop.
Amazon Data Breach
In a statement to The Verge, Amazon spokesperson Adam Montgomery said: “The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.”
He added the assurance that “Amazon and AWS systems remain secure, and we have not experienced a security event.”
This just in! View
the top business tech deals for 2024 👨💻
A screenshot from a hacking forum post appears to show more than 2.8 million lines of Amazon’s dataset. However, Amazon maintains that no sensitive data has been breached.
The breach dates back to May last year, when hackers got access to databases after a vulnerability exposed some of MOVEit’s servers.
As more and more victims came forward, the hackers issuing an ultimatum from its victims that it would expose the data online unless they made contact with Clop in June of last year.
Which Other Companies were Impacted by Clop Breach?
The companies affected included the BBC, British Airways and Nova Scotia’s government; and payroll data was in among the information stolen. Clop claimed that it actually had data from hundreds of companies in total though details are being released slowly as Clop released lists and experts trawled through the massive datasets.
Amazon is the latest addition to this list along with 25 others according to a report from the cybercrime firm Hudson Rock. MetLife, HP, HSBC, and Canada Post are also now said to be among the companies impacted now too.
As well as data relating to Amazon, the image recently posted by a hacker named Nam3l3ss on a popular hacking forum also suggests they have access to employee data from other major corporations, such as HSBC and McDonalds, as well as the staff roster of the LAPD, including those undercover.
The US Cybersecurity and Infrastructure Security Agency (CISA issued a security advisory about a MOVEit software vulnerability on June 1. It has now published “migration steps” for MOVEit customers as well as advice going forward.