Sergiu Gatlan reports:
Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum.
The threat actor behind this data leak, known as Nam3L3ss, published over 2.8 million lines of Amazon employee data, including names, contact information, building locations, email addresses, and more.
Amazon spokesperson Adam Montgomery confirmed Nam3L3ss’ claims, adding that this data was stolen from systems belonging to a third-party service provider.
“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon,” Montgomery said.
Read more at Bleeping Computer. Additional coverage of the MOVEit breach is linked from here.
As Gatlan reports, Nam3l3ss proactively addressed some of the questions people might have about how they acquired the data.
