Particle.news

Download on the App Store

Amazon Confirms Employee Data Breach via Third-Party Vendor

The breach, linked to the MOVEit vulnerability, exposed over 2.8 million lines of employee contact information without compromising sensitive data.

Overview

  • Amazon's core systems remain secure, with no customer account data affected by the breach.
  • The compromised data includes employee email addresses, phone numbers, and building locations.
  • The breach resulted from a vulnerability in the MOVEit file transfer system, exploited by cybercriminals in 2023.
  • Threat actor 'Nam3L3ss' claims to have published the data on a hacking forum, impacting Amazon and 25 other organizations.
  • Amazon emphasizes that the vendor has since patched the vulnerability, and no sensitive employee data, such as Social Security numbers, was accessed.