After data obtained during the May 2023 MOVEit file transfer attack was exposed on an online hacker forum, Amazon recently acknowledged a data breach affecting employee information.
More than 2.8 million entries of Amazon employee data, including names, contact information, building addresses, work emails, desk phone numbers, and other internal contact details, were made public by the malicious threat actor dubbed Nam3L3ss.
The Amazon data breach involved only basic employee contact info via a third-party vendor, with Amazon and AWS systems remaining secure.
The company assured the public that its internal systems, including Amazon Web Services (AWS), were not affected by the incident. Amazon spokesperson Adam Montgomery clarified that the data exposure stemmed from a third-party property management vendor. Montgomery stated that Amazon and AWS systems remain secure and that the company has not experienced any security incidents.
He added that only basic employee contact information, such as work email addresses, desk phone numbers, and office locations, was accessed. Montgomery also confirmed that the vendor quickly patched the vulnerability that allowed the breach. Other sensitive data such as Social Security numbers, government identification, and financial records were reportedly not included in the exposed information.
Nam3L3ss has also leaked information from a range of other organisations that were affected by MOVEit-related attacks or by vulnerabilities in other online sources. Among these are Lenovo, HP, TIAA, Schwab, HSBC, Delta, McDonald’s, and MetLife, with data obtained from ransom group leak sites and cloud storage resources like AWS and Azure. The threat actor has openly disclosed that some of this data comes from publicly accessible sources that were left exposed.
Nam3L3ss also claims to have acquired a massive archive exceeding 250 terabytes of database files sourced from unprotected internet locations. These files are reportedly downloaded from exposed databases, including SQL backups, and converted to formats that make them easy to share. The Amazon data is listed for download on BreachForums for eight credits.
Amazon’s response to the breach has focused on reassuring employees and the public that sensitive information remains secure. Nonetheless, even contact information, like business emails and phone numbers, can raise the possibility of social engineering or phishing attempts.
This incident demonstrates the security concerns that can come with vendor relationships, especially those involving access to internal data. The prompt patching of the vendor vulnerability and Amazon’s communication emphasise the value of careful third-party management, particularly as businesses become more dependent on external services.