On Monday Amazon confirmed a breach of employee data which was published on a crime-focused forum, according to a statement from Amazon to 404 Media.
The data includes the employees’ name, work contact information, and what location they work at, and has more than 2.8 million lines of data, according to the post on Breach Forums. The post says the source of the data was MOVEit, which is suite of cloud data management tools.
“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about [a] security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” an Amazon spokesperson told 404 Media in an email.
Amazon added that the vendor only receives employee contact information, and did not have access to other more sensitive data such as Social security numbers, government identity documents, or financial data. Amazon said the vendor has fixed the underlying security vulnerability.
Cybersecurity firm Hudson Rock tweeted about the breach listing on Monday. The breach appears to be one of many stemming from MOVEit, information security Twitter account VX Underground tweeted. Progress Software, which produces MOVEit, did not immediately respond to a request for comment.
