Nearly 3 million employee data records – including their email addresses and phone numbers – have leaked as a result of an incident related to a security flaw in the MOVEit software, which was discovered last year.
Amazon has confirmed that its employees’ data was revealed as a result of an information security breach, related to a MOVEit (CVE-2023-34362) security flaw. The breach occurred on the side of the property management service provider, affecting the company’s clients, including Amazon. The data leaked as a result of this event includes: email addresses of employees, their phone numbers, and building locations.
Amazon is not the only company (there are as many as 25 in total) that was damaged as a result of the leak, but in its case, the scale is the largest, covering over 2.86 million of over 5 million records affected by the information security breach. The data is being spread on BreachForums by a user named Nam3L3ss, although the initial gap was exploited by the Cl0p ransomware group.
The Amazon data leak shows that supply chains are continuously exposed to threats such as both new and known security flaws. It also confirms the critical need to improve risk management processes. Despite the fact that the original MOVEit software security gap was located and patched last year, organizations are still experiencing related problems, because as this attack shows, not all have implemented the appropriate updates. This incident should also serve as a reminder that even large tech companies with advanced security measures are still vulnerable to flaws in security from their subcontractors. Therefore, it’s even more necessary to stay vigilant and whenever possible, verify whether our contractors are applying the proper security procedures (e.g., updates) – comments Beniamin Szczepankiewicz, an analyst at the ESET antivirus laboratory.
Source: https://managerplus.pl/wyciek-danych-pracownikow-amazona-48089