A few days ago, a cybercriminal put a database belonging to Amazon up for sale. The hacker, who calls himself Nam3L3ss, announced the sale on BreachForums, a forum popular with hackers looking for compromised information.
In the announcement, viewed by 01net.comNam3L3ss explains having stolen over 2.8 million rows of data relating to group employees. Among the exfiltrated data are names, email addresses, postal addresses and contact details of the buildings in which they work. This is information that can potentially be exploited in cyberattacks, such as phishing attacks.
Also read: Nokia reveals the results of its investigation into the data leak
A consequence of the MoveIt hack
As the cybercriminal indicates on BreachForums, the source of the data is none other than MoveIt, software designed to enable file transfers. For the record, MoveIt is at the heart of the biggest hack of last year. By exploiting a security flaw in the software developed by Progress Software, the Clop gang hackers were able to access MoveIt customer databases.
As Amazon spokesperson Adam Montgomery explains to Bleeping Computer, the data was stolen from systems owned by a third-party service provider. It turns out that Amazon was among the clients of a property management firm affected by the MoveIt breach.
The MoveIt hack was accompanied bya shower of data leaks. On paper, all the companies that used MoveIt saw their information compromised. A large amount of this information ended up on black markets, at the mercy of cybercriminals.
Reassuringly, Amazon specifies that “Amazon and Amazon Web Services systems remain secure, and we have not experienced any security incidents”. Moreover, “the only Amazon information involved was employees' work contact information, e.g. work email addresses, office phone numbers”.
Their private data is not affected. Social Security numbers, identification documents or financial details were not exfiltrated. Likewise, Amazon users are not affected.
More data leaks in sight?
In the process, the hacker Nam3L3ss put data belonging to 25 other companies online. He claims to haver more than 250 TB of files archived database. This information was gleaned through multiple sources in the wake of the MoveIt leak. In his manifesto, the cybercriminal claims that “if a company or government agency is stupid enough not to encrypt its data”SO “the world should KNOW exactly what these companies and government agencies know”.
???? To not miss any news from 01net, follow us on Google News and WhatsApp.
Source :
Bleeping Computer
