Cyber Security
Amazon Confirms Massive MOVEit Data Breach, 1000+ Companies Potentially Impacted
Updated on Wed, Nov 13, 2024
Progress Software’s MOVEit is used by thousands of organizations around the world, including some of the biggest names such as Amazon, HSBC, HP, MetLife, Delta Airlines and others, spanning sectors such as retail, technology, finance, healthcare and more.
Bad actors were able to exploit a zero-day vulnerability, which saw them inject SQL commands to access customers’ sensitive data.
A zero-day vulnerability (known as CVE-2023–34362) means that Progress Software wasn’t aware of the flaw or flaws in its systems and can’t be certain of what data was leaked or which of its customers were affected.
This puts over 1,000 companies on the “potentially impacted” list.
However, one of the confirmed victims includes Amazon, which clarified the company was hit, through a statement given to TechCrunch.
Amazon spokesperson Adam Montgomery, who confirmed that employee data was affected by the data breach, said, “Amazon and AWS systems remain secure, and we have not experienced a security event.”
“We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example, work email addresses, desk phone numbers, and building locations.”
While Amazon did not provide any details about the number of impacted employees, it did mention that the affected unnamed third-party vendor did not possess data such as Social Security numbers or financial information.
However, the confirmation came after an individual operating under the username Nam3L3ss claimed to have over 2.8 million lines of data stolen from Amazon during the MOVEit breach, some of which was published on the hacking website BreachForums.
“What you have seen so far is less than .001% of the data I have,” said Nam3L3ss. “I have 1,000 releases coming never seen before.”
As per information put out by Nam3L3ss, numerous major companies and their records have been breached. As per a report by HudsonRock, these include:
-
Amazon: 2,861,111
-
MetLife: 585,130
-
Cardinal Health: 407,437
-
HSBC: 280,693
-
Fidelity (fmr.com): 124,464
-
U.S. Bank: 114,076
-
HP: 104,119
-
Canada Post: 69,860
-
Delta Airlines: 57,317
-
Applied Materials (AMAT): 53,170
-
Leidos: 52,610
-
Charles Schwab: 49,356
-
3M: 48,630
-
Lenovo: 45,522
-
Bristol Myers Squibb: 37,497
-
Omnicom Group: 37,320
-
TIAA: 23,857
-
Union Bank of Switzerland (UBS): 20,462
-
Westinghouse: 18,193
-
Urban Outfitters (URBN): 17,553
-
Rush University: 15,853
-
British Telecom (BT): 15,347
-
Firmenich: 13,248
-
City National Bank (CNB): 9,358
-
McDonald’s: 3,295
While most companies have not provided comments regarding the latest updates, a Delta spokesperson told Recorded Future News that the company was affected, saying, “The dataset includes things like names, contact information and office location but no sensitive personal information.”
“Delta teams work continuously to safeguard Delta’s data as the security and integrity of that information is of the utmost importance.”
Do you think technology companies should invest more in cybersecurity measures for their platforms and all updates run through rigorous testing before deployment?
Let us know in the comments below!
First published on Wed, Nov 13, 2024
Enjoyed what you read? Great news – there’s a lot more to explore!
Dive into our content repository of the latest tech news, a diverse range of articles spanning introductory guides, product reviews, trends and more, along with engaging interviews, up-to-date AI blogs and hilarious tech memes!
Also explore our collection of branded insights via informative white papers, enlightening case studies, in-depth reports, educational videos and exciting events and webinars from leading global brands.
Head to the TechDogs homepage to Know Your World of technology today!
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. While we aim to provide valuable and helpful information, some content on TechDogs' site may not have been thoroughly reviewed for every detail or aspect. We encourage users to verify any information independently where necessary.
Loading comments...
