- Amazon confirmed a data breach involving employees' contact information, which was posted on a third-party hacking forum.
- The Amazon data breaches underscore the widespread challenges in cybersecurity and data privacy.
What happened
Amazon disclosed on Monday that a hacker had acquired over 2.8 million lines of employee data in a breach that affected a third-party vendor. A hacker named Nam3L3ss stated in a post on a hacker forum that the data was taken during the widespread 2023 attacks that took advantage of a flaw in Progress' MOVEit file transfer application. The MOVEit data extortion effort, which dates back to 2023, targeted 25 companies in the IT sector, including Ernst & Young, IBM, Cognizant, Deloitte, and PricewaterhouseCoopers. The exposed employee data included names, email addresses, phone numbers, cost center codes and even entire organizational structures.
“Amazon and AWS systems remain secure, and we have not experienced a security event,” the company spokesperson said in the statement. “We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.”
Why it’s important
The MOVEit breaches were part of a larger campaign attributed to the Clop ransomware group, which exploited a zero-day vulnerability in the MOVEit Transfer software. This series of attacks affected thousands of organizations globally, leading to significant data theft across various sectors. By exploiting a zero-day vulnerability, the attackers highlighted the risks inherent in third-party dependencies and supply chain security.
The Amazon data breaches underscore the widespread challenges in cybersecurity and data privacy. For Amazon, a breach could mean compromised customer trust, financial losses, and vulnerabilities across its extensive third-party vendor network, impacting millions of users. As Amazon Web Services (AWS) supports numerous businesses globally, a security issue there could have cascading effects on other organizations, potentially disrupting critical services.
The incident emphasizes the growing sophistication of cyber threats, where attackers target high-impact platforms with extensive user bases. It spotlights the need for stronger, proactive security measures, stricter regulatory compliance, and continuous monitoring of third-party software to protect sensitive data across complex digital ecosystems.