{
	"id": "cc1c472f-59cd-4f83-9533-86dccd2d6649",
	"created_at": "2026-04-06T01:32:01.599672Z",
	"updated_at": "2026-04-10T13:12:11.113238Z",
	"deleted_at": null,
	"sha1_hash": "11bbc31c5d0e26ec7f959586d35730d54cfa023f",
	"title": "Amazon confirms employee data breach after vendor hack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2546366,
	"plain_text": "Amazon confirms employee data breach after vendor hack\r\nBy Sergiu Gatlan\r\nPublished: 2024-11-11 · Archived: 2026-04-06 01:03:47 UTC\r\nAmazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit\r\nattacks was leaked on a hacking forum.\r\nThe threat actor behind this data leak, known as Nam3L3ss, published over 2.8 million lines of Amazon employee data,\r\nincluding names, contact information, building locations, email addresses, and more.\r\nAmazon spokesperson Adam Montgomery confirmed Nam3L3ss' claims, adding that this data was stolen from systems\r\nbelonging to a third-party service provider.\r\nhttps://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\n\"Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security\r\nevent at one of our property management vendors that impacted several of its customers including Amazon,\" Montgomery\r\nsaid.\r\n\"The only Amazon information involved was employee work contact information, for example work email addresses, desk\r\nphone numbers, and building locations.\"\r\nThe company said the breached vendor only had access to employee contact information, and the attackers didn't access or\r\nsteal sensitive employee information like Social Security numbers, government identification, or financial information.\r\nAmazon added that the vendor has since patched the security vulnerability used in the attack.\r\nAmazon employee data for sale (BleepingComputer)\r\nNam3L3ss has also leaked the data from twenty-five other companies. However, they say some of the data was obtained\r\nfrom other sources, including ransom gangs' leak sites and exposed AWS and Azure buckers.\r\n\"I download entire databases from exposed web sources including mysql, postgres, SQL Server databases and backups,\r\nazure databases and backups etc and then convert them to csv or other format,\" they said.\r\n\"DO NOT ask me for access to my storage etc, at present I have well over 250TB of archived database files etc.\"\r\nThe list of companies whose data was stolen in MOVEit attacks or harvested from Internet-exposed resources and has now\r\nbeen leaked on the hacking forum includes Lenovo, HP, TIAA, Schwab, HSBC, Delta, McDonald's, and Metlife, among\r\nothers (as shown in the table below).\r\nBleepingComputer has contacted multiple companies and will update this article when additional information is available.\r\nCompany Date Stolen Number of Employees\r\nLenovo 2023-05 45,522\r\nMcDonald's 2023-05 3,295\r\nHP 2023-05 104,119\r\nCity National Bank 2023-05 9,358\r\nBT 2023-05 15,347\r\ndsm-firmenich 2023-05 13,248\r\nRush University 2023-05 15,853\r\nhttps://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/\r\nPage 3 of 5\n\nURBN 2023-05 17,553\r\nWestinghouse 2023-05 18,193\r\nUBS 2023-05 20,462\r\nTIAA 2023-05 23,857\r\nOmnicomGroup 2023-05 37,320\r\nBristol-Myers Squibb 2023-05 37,497\r\n3M 2023-05 48,630\r\nSchwab 2023-05 49,356\r\nLeidos 2023-05 52,610\r\nCanada Post 2023-05 69,860\r\nAmazon 2023-05 2,861,111\r\nDelta 2023-05 57,317\r\nApplied Materials 2023-05 53,170\r\nCardinal Health 2023-05 407,437\r\nUS Bank 2023-05 114,076\r\nfmr.com 2023-05 124,464\r\nHSBC 2023-05 280,693\r\nMetLife 2023-05 585,130\r\nThe MOVEit data-theft attacks\r\nThe Clop ransomware gang was behind a wave of data theft attacks starting on May 27, 2023. While the threat actor has said\r\nthat the data was collected from various sources, the date of May 30, 2023, coincides with the MOVEit data theft attacks\r\nthat occurred over the long US Memorial Day holiday.\r\nThe data leaked for each of the twenty-five companies is similar, so it is believed that the data was stolen from a single\r\nvendor during these attacks and has now been released as separate data sets for the impacted customers.\r\nThe data-theft attacks leveraged a zero-day security flaw in the MOVEit Transfer secure file transfer platform, a managed\r\nfile transfer (MFT) solution used in enterprise environments to securely transfer files between business partners and\r\ncustomers.\r\nThe cybercrime gang began extorting victims in June 2023, exposing their names on the group's dark web leak site.\r\nThe fallout from these attacks impacted hundreds of organizations worldwide, with tens of millions of people having their\r\ndata stolen and used in extortion schemes or leaked online since then\r\nMultiple U.S. federal agencies and two U.S. Department of Energy (DOE) entities have also been targeted and breached in\r\nthese attacks\r\nhttps://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/\r\nhttps://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/"
	],
	"report_names": [
		"amazon-confirms-employee-data-breach-after-vendor-hack"
	],
	"threat_actors": [
		{
			"id": "b605622e-b954-4c6d-b509-17bba2908e5d",
			"created_at": "2024-11-13T13:15:31.109211Z",
			"updated_at": "2026-04-10T02:00:03.755907Z",
			"deleted_at": null,
			"main_name": "Nam3L3ss",
			"aliases": [],
			"source_name": "MISPGALAXY:Nam3L3ss",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775439121,
	"ts_updated_at": 1775826731,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/11bbc31c5d0e26ec7f959586d35730d54cfa023f.pdf",
		"text": "https://archive.orkl.eu/11bbc31c5d0e26ec7f959586d35730d54cfa023f.txt",
		"img": "https://archive.orkl.eu/11bbc31c5d0e26ec7f959586d35730d54cfa023f.jpg"
	}
}