Amazon employee data leaked from MoveIt Transfer attack

Amazon confirmed that employee data was stolen in a breach of a third-party vendor that was victimized by the MoveIt Transfer zero-day vulnerability attacks in 2023.

The employee data was leaked by a threat actor known as "Nam3L3ss" to a popular dark web hacker forum. Nam3L3ss posted additional employee data that they claimed was from major companies including Amazon, MetLife, Fidelity Investments, HP, Delta Air Lines and more. Although the type of data varied from company to company, the employee data allegedly included personally identifiable information such as names, email addresses and phone numbers.

According to threat intelligence vendor Hudson Rock, which first reported the leak Monday, the data was dated May 2023 and was obtained via a critical vulnerability in Progress Software's file transfer software MoveIt Transfer, tracked as CVE-2023-34362. The flaw, which was disclosed in May 2023, is a critical SQL injection vulnerability that enabled threat actors to access MoveIt Transfer instances at many companies and organizations. Although patches were released on the day it was disclosed, vendors reported widespread exploitation soon after.

The massive exploitation of CVE-2023-34362 and resulting data extortion attacks by ransomware actors -- including the prolific Clop gang -- was one of the furthest-reaching information security events of last year. Clop's attacks affected thousands of companies, and personal data belonging to tens of millions of individuals was reportedly obtained in the process.

A spokesperson for Amazon confirmed to TechTarget Editorial that some employee data had been obtained, but stressed that the leak stemmed from a breach of an unnamed third-party vendor. Moreover, the spokesperson noted that Amazon was one of several companies included in the Hudson Rock report.

"Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon," the spokesperson said. "The only Amazon information involved was employee work contact information, for example, work email addresses, desk phone numbers and building locations."

TechTarget Editorial contacted Progress Software for additional comment.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.