Employee data stolen from last year’s MOVEIt breach has been posted on a well-known hacking forum, including details on up to 2.8 million Amazon workers.
Over the weekend, a user called “Nam3L3ss” began sharing the data on the forum, saying the stolen information comes from numerous companies, including Amazon, HP, Lenovo, Fidelity, HSBC, and Delta Air Lines.
On Monday, Amazon confirmed it had lost company employee information through a hack at a third-party provider. “We were notified about a security event at one of our property management vendors that impacted several of its customers, including Amazon,” the company said in a statement. “The only Amazon information involved was employee work contact information, for example, work email addresses, desk phone numbers, and building locations.”
This Tweet is currently unavailable. It might be loading or has been removed.
The e-commerce giant didn’t offer any more details, but Nam3L3ss is sharing a database allegedly consisting of 2,861,111 lines full of individual Amazon employee contact information, including their full names.
Cybersecurity vendor Hudson Rock first alerted the public about the stolen information after spotting Nam3L3ss publish the databases in the hacking forum. The looted information dates back to May 31, about the time when hackers began exploiting the zero-day vulnerability in MOVEIt, a popular file transfer platform used by many companies.
It looks like Nam3L3ss has obtained employee-related data from 25 organizations, according to Hudson Rock. “The directories contain detailed employee information, including names, email addresses, phone numbers, cost center codes, and, in some cases, entire organizational structures,” the cybersecurity vendor added.
Amazon seems to have lost the biggest batch of employee records through the MOVEIt breach. Others, such as Lenovo, lost over 45,000 records, while HP lost over 104,000. In the wrong hands, the data could be useful in helping hackers target specific employees at the affected companies through phishing emails or other social engineering techniques.
Recommended by Our Editors
In their post, even Nam3L3ss noted the significance of the stolen information, posting: “Folks, PLEASE Pay Attention, these are Company Employee Directories, some sites have the Organizational Structure and even other Files.”
However, Nam3L3ss doesn’t claim to be a hacker. Instead, they said the data was collected from sites operated by ransomware gangs, including CLOP, which was quick to exploit the MOVEIt vulnerability. “I track all of the Ransom Group sites, and have my own tools that auto find AWS, Azure and other sites open bucket,” Nam3L3ss wrote in a post. “I download everything i can from Ransom Group TOR sites, and form open cloud services.”
Nam3L3ss’ intentions are unclear. But the mysterious user indicates that they’re sitting on 1,000 other databases, which they could end up sharing with the hacking forum. “At present, I have well over 250TB of archived database files, etc. “
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
