Amazon has confirmed that employee contact information was stolen through the MOVEIt file transfer platform breach, which occurred last year. The stolen data, affecting up to 2.8 million Amazon workers, was posted on a popular hacking forum by a user named "Nam3L3ss." The leak includes sensitive details like work emails, phone numbers, desk locations, and employee names.
The breach occurred via a vulnerability in MOVEIt, which is used by many organizations, including HP, Lenovo, Fidelity, HSBC, and Delta Air Lines. Amazon confirmed that only employee contact information was impacted, adding that it was obtained through a third-party vendor’s security breach.
Cybersecurity firm Hudson Rock, which alerted the public, stated that the stolen directories also include data from 25 other companies, some containing detailed employee organizational structures. While the intent of the hacker is unclear, the data could be used for targeted phishing and social engineering attacks.
Related News