In a recent development, e-commerce giant Amazon has acknowledged a data breach affecting its employees. The breach occurred due to a security incident at a third-party property management vendor, impacting several of the vendor's clients, including Amazon.
According to Amazon spokesperson Adam Montgomery, the compromised information includes employee work contact details such as email addresses, desk phone numbers, and office locations. Montgomery emphasized that Amazon's core systems, including those of Amazon Web Services (AWS), remain secure and unaffected by this incident.
The company has assured that sensitive information like Social Security numbers, government-issued identification documents, and financial data were not part of the breach. Amazon has not disclosed the exact number of employees affected by this security event.
This revelation comes in the wake of claims made by a threat actor on a well-known hacking forum. The individual, using the alias "Nam3L3ss," alleged possession of over 2.8 million lines of data purportedly stolen from Amazon. The hacker claims this data was obtained during the widespread exploitation of the MOVEit Transfer system in 2023.
Cybersecurity firm Hudson Rock reports that the threat actor claims to have data from 25 major organizations, with Amazon being one among them. Other affected entities allegedly include MetLife, HP, HSBC, and Canada Post.
Amazon has stated that the third-party vendor responsible for the breach has addressed the security vulnerability that led to this incident. As the situation develops, affected employees and the public await further details and potential measures to mitigate the impact of this data breach.