Polymer

Download free DLP for AI whitepaper

Summary

  • Over 2.8 million lines of Amazon employee data—names, emails, job titles, and more—surfaced on a cybercrime forum.
  • Known as “Nam3L3ss,” the hacker claims this Amazon release is only a fragment, with data from 25 other companies also in hand.
  • A vulnerability in MOVEit Transfer software, exploited by cybercriminal groups like Cl0p, allowed access to data through a third-party vendor.
  • Although the MOVEit breach began in mid-2023, Amazon’s data only appeared on BreachForums recently, discovered by security researchers.
  • The breach underscores the importance of rigorous vendor oversight and the vulnerabilities introduced by third-party data management.

A cache of Amazon employee data has surfaced on a cybercrime forum, part of a broader leak tied to last year’s mass exploitation of the MOVEit Transfer software. 

The hacker, known by the alias “Nam3L3ss,” claims to have published over 2.8 million lines of data containing Amazon employee names, phone numbers, email addresses, job titles, and building locations, reportedly obtained through a third-party vendor. 

The leak has revived concerns over the impact of MOVEit’s vulnerabilities, which previously led to data breaches at numerous high-profile companies last year. 

Here’s everything we know about the latest incident.

How did the Amazon breach happen? 

The Amazon data breach stemmed from a zero-day vulnerability in MOVEit Transfer, developed by Progress Software and used by companies to securely share files with business partners and clients. The flaw, which allowed hackers to bypass authentication, was initially exploited in May 2023, with cybercriminal groups—chief among them the Cl0p ransomware gang—targeting enterprises worldwide.

While Amazon’s core systems, including AWS, were not directly breached in this attack, the compromised data reportedly came from one of its property management vendors. Amazon confirmed in a statement that the vendor held employee contact details used internally, such as email addresses, desk phone numbers, and office locations. Sensitive information, including Social Security numbers and financial records, was not impacted, Amazon emphasized.

Why is the breach only surfacing now?

Though the initial MOVEit attacks unfolded in mid-2023, the Amazon data leak only emerged in recent days on BreachForums, a dark web platform where the hacker posted a trove of employee records, which were then discovered by security researchers. 

The hacker “Nam3L3ss” claims this Amazon leak is just a fraction of the data obtained from MOVEit exploits, with “1,000 releases coming” across numerous companies. Alongside Amazon’s data, the list of companies impacted includes the likes of BT, McDonald’s, Lenovo, Delta Airlines, and HP—although Amazon has the most exposed records. 

Lessons learned

The Amazon breach underscores critical lessons for corporate cybersecurity, especially with regards to third-party risk management. Companies across industries are increasingly dependent on external vendors to bolster their service offerings, but every new provider introduces potential entry points for digital exploitation. 

For detailed guidance on enhancing supply chain security, read our article on mitigating the risk of third-party data breaches.

Polymer is a human-centric data loss prevention (DLP) platform that holistically reduces the risk of data exposure in your SaaS apps and AI tools. In addition to automatically detecting and remediating violations, Polymer coaches your employees to become better data stewards. Try Polymer for free.

SHARE

Get Polymer blog posts delivered to your inbox.