Amazon confirms employee data compromised amid 2023 MOVEit breach claims – but the hacker behind the leak says a host of other big tech names are also implicated

Amazon has confirmed that a security incident affecting a third-party vendor has exposed employee information.

The incident saw data allegedly belonging to employees at a host of major tech firms leaked, with the data believed to have been stolen during the 2023 MOVEit breach.

An Amazon spokesperson told ITPro its internal systems remain secure, insisting the incident was isolated to one of its third-party property management systems.

“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.”

The statement added that the published information was limited to employee contact information, as well as some location data.

“The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.”

Amazon did not confirm how many employees were impacted by the breach.

The tech giant isn’t the only major organization impacted in the data dump. HP, Lenovo, and other parties including HSBC and MetLife have allegedly been impacted in the breach.

ITPro has contacted the organizations for confirmation.

Leaked by a cyber criminal using the moniker ‘Nam3L3ss’, the cache is said to include a variety of employee data including names, email addresses, phone numbers, cost center codes, and, in some cases, entire organizational structures of the affected parties.

Nam3L3ss claims to have over 2.8 million records stolen from Amazon in particular, as well as half a million taken from life insurance company MetLife.

The initial release totaled nearly five million lines of data, affecting 25 large organizations.

Nam3L3ss claimed that what they have released so far is less than 0.001% of the data they have in their possession, alleging they have 1,000 releases coming with data that has never been seen before.

The threat actor, who claims not to be a hacker, said the information was taken during the May 2023 MOVEit attacks.

Hackers affiliated with the Cl0p threat collective exploited a zero-day vulnerability in Progress’s MOVEit file transfer protocol, used by thousands of large organizations around the world.

The vulnerability, tracked as CVE-2023-34362, was an SQL injection flaw in the MOVEit Transfer web application that the threat actors leveraged to gain access to MOVEit Transfer’s database.

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.