Amazon confirms employee data breach after vendor hack

pMicrosoft rereleases Exchange updates after fixing mail deliveryppSpyLoan Android malware on Google play installed 8 million timesppNew Windows Server 2012 zeroday gets free unofficial patchesppTor needs 200 new WebTunnel bridges to fight censorshipppMozilla really wants you to easily set Firefox as default Windows browserppIts only 50 to train for these CompTIA exams in this course dealppGoogle Chromes AI feature lets you quickly check website trustworthinessppNovel phising campaign uses corrupted Word documents to evade securityppHow to access the Dark Web using the Tor BrowserppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppRemove the Theonlinesearchcom Search RedirectppRemove the Smartwebfindercom Search RedirectppHow to remove the PBlock adware browser extensionppRemove the Toksearchesxyz Search RedirectppRemove Security Tool and SecurityTool Uninstall GuideppHow to Remove WinFixer Virtumonde Msevents TrojanvundoppHow to remove Antivirus 2009 Uninstall InstructionsppHow to remove Google Redirects or the TDSS TDL3 or Alureon rootkit using TDSSKillerppLocky Ransomware Information Help Guide and FAQppCryptoLocker Ransomware Information Guide and FAQppCryptorBit and HowDecrypt Information Guide and FAQppCryptoDefense and HowDecrypt Ransomware Information Guide and FAQppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppeLearningppIT Certification CoursesppGear GadgetsppSecurityppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppppAmazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forumppThe threat actor behind this data leak known as Nam3L3ss published over 28 million lines of Amazon employee data including names contact information building locations email addresses and moreppAmazon spokesperson Adam Montgomery confirmed Nam3L3ss claims adding that this data was stolen from systems belonging to a thirdparty service providerppAmazon and AWS systems remain secure and we have not experienced a security event We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon Montgomery saidppThe only Amazon information involved was employee work contact information for example work email addresses desk phone numbers and building locationsppThe company said the breached vendor only had access to employee contact information and the attackers didnt access or steal sensitive employee information like Social Security numbers government identification or financial information Amazon added that the vendor has since patched the security vulnerability used in the attackppNam3L3ss has also leaked the data from twentyfive other companies However they say some of the data was obtained from other sources including ransom gangs leak sites and exposed AWS and Azure buckersppI download entire databases from exposed web sources including mysql postgres SQL Server databases and backups azure databases and backups etc and then convert them to csv or other format they saidppDO NOT ask me for access to my storage etc at present I have well over 250TB of archived database files etcppThe list of companies whose data was stolen in MOVEit attacks or harvested from Internetexposed resources and has now been leaked on the hacking forum includes Lenovo HP TIAA Schwab HSBC Delta McDonalds and Metlife among others as shown in the table belowppBleepingComputer has contacted multiple companies and will update this article when additional information is availableppThe Clop ransomware gang was behind a wave of data theft attacks starting on May 27 2023 While the threat actor has said that the data was collected from various sources the date of May 30 2023 coincides with the MOVEit data theft attacks that occurred over the long US Memorial Day holidayppThe data leaked for each of the twentyfive companies is similar so it is believed that the data was stolen from a single vendor during these attacks and has now been released as separate data sets for the impacted customersppThe datatheft attacks leveraged a zeroday security flaw in the MOVEit Transfer secure file transfer platform a managed file transfer MFT solution used in enterprise environments to securely transfer files between business partners and customersppThe cybercrime gang began extorting victims in June 2023 exposing their names on the groups dark web leak siteppThe fallout from these attacks impacted hundreds of organizations worldwide with tens of millions of people having their data stolen and used in extortion schemes or leaked online since thenppMultiple US federal agencies and two US Department of Energy DOE entities have also been targeted and breached in these attacksppBologna FC confirms data breach after RansomHub ransomware attackppCyberattack at French hospital exposes health data of 750000 patientsppFord rejects breach allegations says customer data not impactedppFintech giant Finastra investigates data breach after SFTP hackppAmazon and Audible flooded with forex trading and warez listingsppNot a member yet Register NowppNew Windows Server 2012 zeroday gets free unofficial patchesppNew Rockstar 2FA phishing service targets Microsoft 365 accountsppSpyLoan Android malware on Google play installed 8 million timesppHow to leverage 200 million FCC program boosting K12 cybersecurityppWhy Cybersecurity Leaders Trust the MITRE ATTCK EvaluationsppCynet delivers 426 ROI in Forrester Total Economic Impact StudyppThe Actual Cost of Forgotten PasswordsppSolving the painful password problem with better policiesppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2024 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp