We used to all go to Walmart or Target, but now when you need something, it's usually easier to go to Amazon and click "Add to cart" whether it's a cute christmas outfit for your cat, or a new filter for your cat's fancy water fountain (because water from a bowl is apparently too bougie), or even something completely non-cat related and boring like toilet paper.
But what if ... Amazon got hacked?? Sorry for the click bait headline - thankfully customer data wasn't impacted, but yes Amazon did recently suffer a data breach thanks to the 2023 MOVEit attacks.
The MOVEit attacks were a series of cyberattacks and data breaches that began in June 2023 after a vulnerability was discovered in MOVEit, a managed file transfer software.
Cute cat holiday costume. Courtesy image
So what exactly happened, and is it still safe to ... add to cart?? Dear god, I hope so.
The threat actor behind this data leak, identified as Nam3L3ss, published more than 2.8 million lines of Amazon employee data, such as names, contact information, building locations, email addresses and more. Yikes!
Amazon spokesperson Adam Montgomery confirmed the attacker's claims, noting that data was stolen from systems belonging to a third-party service provider, according to an article from BleepingComputer, "Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon," Montgomery said. "The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers and building locations."
Amazon employee data for sale from BleepingComputer. Courtesy image
According to Amazon, the breached vendor only had access to employee contact information, and the attackers didn't access or steal sensitive employee information such as Social Security numbers, government identification, or financial information. Amazon noted that the vendor has since patched the security vulnerability used in the attack. The attackers are said to have leaked data from at least 25 other companies, including MetLife, McDonalds, Schwab and more.
The MOVEit attacks are memorable for having occurred over the Memorial Day holiday weekend in 2023, a common move of cyber criminals is attacking on holidays, making incident response teams have a less than stellar holiday season.
The Clop ransomware gang was said to be behind the original attacks. The fallout from these attacks impacted hundreds of organizations across the globe, with millions having their data stolen and leaked online.
Data breach meme.
So the big takeaway here is that Amazon customer data is safe ... for now ... as far as we know.
The bigger takeaway is that in today's internet connected world, where a data breach is just a vulnerability away, nobody's data is really safe. Be cautious with whom you share data, and make sure you really need to do so before giving your data away.