Amazon Employee Data Compromised in MOVEit Breach

  /     /     /  
Publicated : 23/11/2024   Category : security


Amazon Employee Data Compromised in MOVEit Breach


The data leak was not actually due to a breach in Amazons systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.



Amazon has confirmed that its employees data was exposed on a cybercrime forum due to the now-infamous
MOVEit vulnerability
.
The vulnerability, tracked as CVE-2023-34362, was discovered last year in the MOVEit file transfer software. The flaw allows hackers to bypass authentication on unpatched systems in order to access files, and it has affected thousands of organizations to date.
An
Amazon spokesperson
said that Amazon and AWS systems are secure and that its systems have not experienced a security breach. The security event actually occurred at a third-party property-management vendor, and several other customers it worked with in addition to Amazon were also affected, the person said. The type of compromised information includes work email addresses, desk phone numbers, and building locations.
Amazons recent data breach, traced back to a third-party vendors use of the MOVEit tool, is another wake-up call for the supply chains hidden vulnerabilities, Ferhat Dikbiyik, chief research and intelligence officer at Black Kite, wrote in an emailed statement to Dark Reading. The MOVEit flaw initially hit hundreds, but the shockwave extended across 2,700+ organizations as the ripple effects reached third- and even fourth-party vendors. Weve identified over 600 MOVEit servers that were likely caught in this spray attack — leaving a vast field of potential targets.
Cybercrime intelligence company
Hudson Rock
referred to the fallout of the bug as one of the most
substantial leaks of corporate information
last year; and authors of the
Verizon Data Breach Investigation Report (DBIR)
in February noted that breaches attributable to MOVEit were so numerous that they skewed its statistics for the year.
Dont miss the upcoming free
Dark Reading Virtual Event
, Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors, Nov. 14 at 11 a.m. ET.
Dont miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia.

Register now!

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Amazon Employee Data Compromised in MOVEit Breach