Science and Tech

Amazon confirms the theft of more than 2.8 million lines of data from its employees after the MOVEit Transfer hack

Amazon confirms the theft of more than 2.8 million lines of data from its employees after the MOVEit Transfer hack

Nov. 12 (Portaltic/EP) –

amazon has confirmed the theft of more than 2.8 million lines of data from its workers, which have been published on the BreachForums forum and which could be accessed due to a vulnerability registered last year in one of its external providers, MOVEit Transfer .

The technology company has assured that its systems and those of Amazon Web Services (AWS) “remain secure” and that they have not experienced “no security problem”, as reported by media such as 404 Media.

“We were notified of a security issue at one of our property management providers that affected several of their clients, including Amazon,” said organization spokesperson Adam Montgomery.

He has also indicated that the only information that has been involved in the attack has been employee contact information, such as corporate email addresses, the extensions of their phone numbers or the location of the building in which they work.

In this sense, it has stated that the compromised external provider, which has already repaired the exploited vulnerability, only had access to employee information and that the attacker did not access or steal confidential information or workers’ personnel. For example, social security numbers, government IDs, financial information, etc.

The cybercriminal who has claimed responsibility for the attack, who goes by the name Nam3L3ss, has made a publication on the hacking forum BreachForums in which he claims to have more than 2.8 million lines of data from company employees.

This leak would also contain information from the employees of “more than 1,000 other companies”, according to the cybersecurity firm. Hudson Rockbecause it is related to the massive exploitation of MOVEit Transfer program reported last year. Belonging to the company Progress Software, it is a file transfer program that different companies use on a daily basis.

The vulnerability, identified as CVE-2023-34362, records the directories of organizations such as MetLife, Leidos, Cardinal Health, US Bank, HP, 3M, Lenovo, Omnicon Group, TIAA, City National Bank, McDonald’s, Charles Schwab, Delta Airlines and Canada Post, among others.

Source link