Amazon has confirmed that some of its employee data was compromised due to a security breach involving a third-party vendor. The breach affected work-related contact information, including employee email addresses, desk phone numbers, and building locations. No sensitive personal data, such as Social Security numbers or financial information, was exposed in the latest security breach. The data breach can trace its roots back to the 2023 MOVEit Transfer vulnerability (CVE-2023-34362), a critical flaw in Progress Software’s managed file transfer service. Nam3L3ss has claimed responsibility for leaking Amazon’s data on BreachForums, which is a popular hacking forum. The threat actor has shared over 2.8 million records of Amazon employee information, alongside data from more than 25 other organizations. The leaked data could serve as a goldmine for cyber criminals seeking to engage in phishing, identity theft, or social engineering attacks on a large scale.
Leave a Reply