A cache of Amazon employee data has surfaced on a cybercrime forum, part of a broader leak tied to last year’s mass exploitation of the MOVEit Transfer software.
The hacker, known by the alias “Nam3L3ss,” claims to have published over 2.8 million lines of data containing Amazon employee names, phone numbers, email addresses, job titles, and building locations, reportedly obtained through a third-party vendor.
The leak has revived concerns over the impact of MOVEit’s vulnerabilities, which previously led to data breaches at numerous high-profile companies last year.
Here’s everything we know about the latest incident.
How did the Amazon breach happen?
The Amazon data breach stemmed from a zero-day vulnerability in MOVEit Transfer, developed by Progress Software and used by companies to securely share files with business partners and clients. The flaw, which allowed hackers to bypass authentication, was initially exploited in May 2023, with cybercriminal groups—chief among them the Cl0p ransomware gang—targeting enterprises worldwide.
While Amazon’s core systems, including AWS, were not directly breached in this attack, the compromised data reportedly came from one of its property management vendors. Amazon confirmed in a statement that the vendor held employee contact details used internally, such as email addresses, desk phone numbers, and office locations. Sensitive information, including Social Security numbers and financial records, was not impacted, Amazon emphasized.
Why is the breach only surfacing now?
Though the initial MOVEit attacks unfolded in mid-2023, the Amazon data leak only emerged in recent days on BreachForums, a dark web platform where the hacker posted a trove of employee records, which were then discovered by security researchers.
The hacker “Nam3L3ss” claims this Amazon leak is just a fraction of the data obtained from MOVEit exploits, with “1,000 releases coming” across numerous companies. Alongside Amazon’s data, the list of companies impacted includes the likes of BT, McDonald’s, Lenovo, Delta Airlines, and HP—although Amazon has the most exposed records.
Lessons learned
The Amazon breach underscores critical lessons for corporate cybersecurity, especially with regards to third-party risk management. Companies across industries are increasingly dependent on external vendors to bolster their service offerings, but every new provider introduces potential entry points for digital exploitation.
For detailed guidance on enhancing supply chain security, read our article on mitigating the risk of third-party data breaches.