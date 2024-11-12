Summarize Simplifying... In short Amazon has suffered a data breach due to a security flaw in a third-party system, exposing employee contact details.

The breach, which also affected other major companies, did not compromise any sensitive personal or financial data.

Despite the incident, Amazon assures that its systems remain secure. Was a long read? Making it simpler... Next Article Next Article

The leaked data includes email addresses and phone numbers

Amazon hit by data breach, contact details of employees exposed

By Dwaipayan Roy 09:46 am Nov 12, 202409:46 am

What's the story Amazon has confirmed a data breach that exposed its employees' contact information. The leaked data includes phone numbers, email addresses, and building locations associated with Amazon's workforce. The breach was first reported by 404 Media and later confirmed by an Amazon spokesperson, Adam Montgomery. He said the company was "notified about a security event at one of our property management vendors that impacted several of its customers, including Amazon."

Vulnerability

Breach traced back to 3rd-party vendor's security flaw

The data breach was linked to a critical security flaw in the MOVEit file transfer system of a third-party property management vendor. The vulnerability, which was first detected in May 2023, has impacted several other companies like the BBC, British Airways, Sony, and the US Department of Energy. The leaked data was allegedly shared on a hacking forum by someone who claimed it is "just a tiny portion of the data they have."

Security

Amazon's systems remain secure

Despite the breach, Montgomery assured that "Amazon and AWS systems remain secure, and we have not experienced a security event." The extent of the breach remains uncertain with a screenshot from the hacking forum post, showing over 2.8 million lines in the alleged Amazon dataset.

Safety

No sensitive personal or financial data compromised

Montgomery confirmed that the breach did not include any sensitive personal or financial data like social security numbers, any government identity documents, or financial information. The threat actor behind the breach, who goes by the alias "Nam3L3ss," claimed to have published data allegedly stolen from 25 major organizations including MetLife, HSBC, HP, as well as Canada Post.