• Amazon confirms employee data stolen after third-party MOVEit bre

    From TechnologyDaily@1337:1/100 to All on Tuesday, November 12, 2024 11:45:05
    Amazon confirms employee data stolen after third-party MOVEit breach

    Date:
    Tue, 12 Nov 2024 11:31:27 +0000

    Description:
    More victims are emerging from the MOVEit vulnerability exploition and subsequent data breaches.

    FULL STORY ======================================================================Amazon has confirmed data has been breached through a third party The MOVEit cyberattack left the data of hundreds of thousands exposed The third party
    did not have access to highly sensitive data

    The MOVEit Transfer cyberattack that swept the world across the second half
    of 2023 is apparently continuing to wreak havoc, with Amazon confirming some of its employee details have been leaked via a breach in a third-party provider.

    The compromised data includes employee work contact information, for example work email addresses, desk phone numbers, and building locations.

    Amazon did not state how many employees had their data stolen, but confirmed the unnamed third-party did not hold sensitive data such as Social Security numbers or financial information. MOVEit breach effects continue

    Speaking to TechCrunch , Amazon spokesperson Adam Montgommery said, Amazon
    and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.

    The original MOVEit attack impacted an estimated 2,600 organizations after
    the Cl0p ransomware gang used SQL injection to compromise public-facing servers and steal data using LemurLoot from connected organizations.

    Amazons confirmation of a breach comes shortly after a threat actor published data on BreachForums, a site used by cyber criminals to advertise stolen data for sale. Nam3L3ss, the original poster of the data said in their forum post that they had data stolen from 25 major organizations including Amazon, U.S. Bank, HP, Delta Airlines, Lenovo and many more (via HudsonRock ).

    Nam3L3ss also emphasized that What you have seen so far is less than .001% of the data I have. I have 1,000 releases coming never seen before.

    The data stolen in the original breach remains a threat to affected organizations and could be used in a number of harmful ways, including phishing, social engineering, and fraud. You might also like Take a look at the best endpoint protection software Windows machines are being targeted
    with ZIP file workaround These are the best cloud firewalls



    ======================================================================
    Link to news story: https://www.techradar.com/pro/amazon-confirms-employee-data-stolen-after-third -party-moveit-breach


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)