Amazon Confirms Data Breach Affecting the Data of 2.8 Million of Its Employees

You May Be Interested In:Scientists discover new way to make fuel from water and sunlight, but more work is needed


  • Amazon was recently hit by a data breach that compromised the personal details of 2.8 million employees.
  • The main vulnerability lies in a file transfer software called MOVEit. Amazon’s property service management vendor used this software for its internal operations. 
  • So when the hacker group, identified as Nam3L3ss, struck and stole the data of 25 organizations, Amazon became one of the victims.

Amazon has confirmed a data breach that compromised the data of 2.8 million of its employees. Stolen data includes names, addresses, work phone numbers, email IDs, and building locations of affected employees. 

So far, it looks like sensitive information such as financial information, government IDs and Social Security numbers are safe

The company’s core systems are also fine. The breach took place through a third-party vendor that’s responsible for managing its property details. The vendor has not been named. 

Amazon also refused to comment on exactly how many employees’ information has been compromised. However, we managed to find the exact number through screenshots that were allegedly published by the hacker.

Speaking of the hacker, a group called Nam3L3ss has claimed responsibility for the attack. They posted about their successful campaign on BreachForums where it claimed to have stolen over 250TB worth of data

It also said that the data it has published is only 0.001% of its total stock which apparently consists of information taken from over 1,000 breaches. In the end, it also warned the companies to keep an eye out for posts about the leaks, indicating that they might have very sensitive details in their hands. 

More About the Breach 

The breach was first noticed by cybersecurity firm Hudson Rock. In its report, it revealed that the main cause of the breach was a file transfer software called MOVEit. 

The unnamed vendor used this software for its internal operations, not knowing that it had a major security vulnerability. 

The vulnerability, which is being tracked as CVE-2023-34362, is a critical SQL injection flaw that allowed the hacker group to break into the software’s vulnerable system and extract information. 

By the end of the process, the group had managed to steal the data of at least 25 organizations (including Amazon) and steal 2.8 million lines of data.

This isn’t the first time that the MOVEit breach has affected an organization. The latest hit is part of a much larger chain of attacks that started in May last year and has affected many other renowned organizations such as Lenovo, HP, Delta Airlines, and HSBC.

Progress Software, the company that owns MOVEit has also commented on the issue and said that this is not a new flaw. Instead, it’s an extension of the zero-day vulnerability that was discovered last year. 

Last year, the vulnerability was exploited by a group called the Cl0p ransomware gang. Researchers are yet to find out whether Nam3L3ss conducted an independent attack or simply bought the already stolen data from Cl0p or its associates. 

Regardless of whether this is a new vulnerability or not, it’s a major security concern. The good thing is as per reports, the unnamed vendor has already resolved the security issue.

Add Techreport to Your Google News Feed

Get the latest updates, trends, and insights delivered straight to your fingertips. Subscribe now!

Subscribe now

Krishi ChowdharyKrishi Chowdhary

Krishi is an eager Tech Journalist and content writer for both B2B and B2C, with a focus on making the process of purchasing software easier for businesses and enhancing their online presence and SEO.
Krishi has a special skill set in writing about technology news, creating educational content on customer relationship management (CRM) software, and recommending project management tools that can help small businesses increase their revenue.
Alongside his writing and blogging work, Krishi’s other hobbies include studying the financial markets and cricket.

View all articles by Krishi Chowdhary

The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.

share Paylaş facebook pinterest whatsapp x print

Similar Content

Bitcoin Reached $75K All-Time High as Trump Becomes President – What’s the Future for Crypto?
Bitcoin Reached $75K All-Time High as Trump Becomes President – What’s the Future for Crypto?
Bitcoin Mining Difficulty Surges to New All-Time High as Hash Rate Reaches a Record High
Bitcoin Mining Difficulty Surges to New All-Time High as Hash Rate Reaches a Record High
Investigative Report Contradicts Senator Warren's Bluff About 90% Crypto Donations For John Deaton
Investigative Report Contradicts Senator Warren’s Bluff About 90% Crypto Donations For John Deaton
Meme Coins Surpass $111B Market Cap as New Vote-to-Earn (V2E) Dogecoin Rival Flockerz Raises $1.5M in Presale
Meme Coins Surpass $111B Market Cap as New V2E Dogecoin Rival Flockerz Raises $1.5M in Presale
Chainlink LINK's Entry Into Bitcoin Ecosystem Fuels Optimism - Is The Price Set for More Growth?
Chainlink LINK’s Entry Into Bitcoin Ecosystem Fuels Optimism – Is The Price Set for More Growth?
New Android feature seamlessly transfers account credentials to new devices
New Android feature seamlessly transfers account credentials to new devices
Flash News Hub | © 2024 | News