Amazon confirms that employee data was stolen after a hacker claimed MOVEit breach
In a statement to TechCrunch, Adam Montgomery, Amazon’s spokesperson confirmed the breach of employee data. “Amazon’s and AWS’s systems are secure and we haven’t experienced any security events.” We received notification of a security incident at one of our vendors, which affected several customers including Amazon. Montgomery stated that the only Amazon data involved was contact information for employees, such as work email addresses and desk phone numbers. Amazon declined to disclose how many employees had been affected by the breach. The confirmation follows a claim by a threat actor that he had published Amazon data on the notorious hacking website BreachForums. The individual claims that they have over 2.8 million lines, which were stolen last year during the mass-exploitation MOVEit Transfer. The threat actor says that the data you’ve seen is only a fraction of what he has. “I have 1,000 releases coming never seen before.”
TechCrunch has contacted the other organizations listed by the threat actor but has not yet received any further responses. The MOVEit hack, in which attackers exploited a zero day vulnerability in Progress Software’s file transfer software, was 2023’s biggest hack. These hacks were claimed by the Clop ransomware and exortion gang and affected more than 1,000 organizations, including the Oregon Department of Transportation (3,5 million records stolen), Colorado Department of Health Care Policy and Financing (4 million), and U.S. Government services contracting giant Maximus (11,0 million).
