A Security Event at a Property Management Vendor Impacted Amazon Employees
In a statement given to TechCrunch on Monday, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. The incident occurred at one of the company’s property management vendors, which has multiple customers including Amazon.
What Happened?
According to Montgomery, the security event at the vendor did not affect Amazon or AWS systems directly. However, the vendor notified Amazon about the breach, stating that it had impacted several of its customers, including Amazon.
"Amazon and AWS systems remain secure, and we have not experienced a security event," Montgomery emphasized. "We were notified about a security event at one of our property management vendors that impacted several of its customers, including Amazon."
The unnamed third-party vendor does not have access to sensitive data such as Social Security numbers or financial information. The company has fixed the security vulnerability responsible for the breach.
Number of Employees Impacted Unknown
Amazon declined to provide information on how many employees were affected by the breach. However, Montgomery stated that only employee work contact information was compromised, including:
- Work email addresses
- Desk phone numbers
- Building locations
Threat Actor Claims Stolen Data Published Online
A threat actor operating under the alias "Nam3L3ss" has claimed to have published data allegedly stolen from 25 major organizations on the notorious hacking site BreachForums. The individual claims to have more than 2.8 million lines of data, which they say was stolen during last year’s mass-exploitation of MOVEit Transfer.
The threat actor boasts about the sheer scale of the breach:
"What you have seen so far is less than .001% of the data I have," Nam3L3ss claims. "I have 1,000 releases coming never seen before."
The MOVEit Breach: A Massive Cybersecurity Incident
The MOVEit breach was one of the biggest hacks of 2023. Attackers exploited a zero-day vulnerability in Progress Software’s file-transfer software, impacting more than 1,000 organizations. Some of the notable victims include:
- Oregon Department of Transportation (3.5 million records stolen)
- Colorado Department of Health Care Policy and Financing (four million)
- U.S. government services contracting giant Maximus (11 million)
Amazon’s Response to the Breach
Amazon has confirmed that employee data was compromised in the third-party vendor breach but emphasized that no sensitive information was accessed. The company is working closely with its property management vendors to ensure the security of their systems.
What’s Next?
As the investigation into the breach continues, it remains to be seen how many employees were affected and what steps Amazon will take to prevent similar incidents in the future.
In related news, a threat actor has claimed to have published data allegedly stolen from 25 major organizations on the notorious hacking site BreachForums. The individual claims to have more than 2.8 million lines of data, which they say was stolen during last year’s mass-exploitation of MOVEit Transfer.
The threat actor boasts about the sheer scale of the breach:
"What you have seen so far is less than .001% of the data I have," Nam3L3ss claims. "I have 1,000 releases coming never seen before."
This incident highlights the need for organizations to prioritize cybersecurity and ensure that their vendors are taking adequate measures to protect sensitive information.
Conclusion
The Amazon third-party vendor breach is a sobering reminder of the importance of robust security measures in today’s digital landscape. As more details emerge about this incident, it will be interesting to see how it unfolds and what steps Amazon takes to prevent similar incidents in the future.
Additional Reading:
- A Brief History of Mass Hacks
- Tata Technologies Says Ransomware Attack Hit IT Assets, Investigation Ongoing
Stay Up-to-Date with TechCrunch’s Coverage:
Subscribe to our newsletters for the latest tech news and insights:
