Amazon Confirms MOVEit Data Breach Exposes Employee Data

A critical vulnerability in the widely used MOVEit file transfer software has led to one of the most extensive corporate data leaks in recent history, affecting millions of employees across 25 major organizations.

The breach, attributed to a zero-day vulnerability known as CVE-2023-34362, has exposed sensitive employee information from global companies in the finance, technology, healthcare, and retail sectors.

A threat actor operating under the alias “Nam3L3ss” has released vast datasets containing detailed employee records stolen during the MOVEit attacks in May 2023.

Other affected organizations include U.S. Bank, HP, Delta Airlines, Charles Schwab, 3M, Lenovo, and McDonald’s, among others. The total number of compromised records across all 25 companies exceeds 5 million.

The leaked datasets contain highly structured information, revealing not only contact details but also sensitive internal data such as cost center codes and departmental assignments.

Security researchers at Hudson Rock have verified the authenticity of the data by cross-referencing it with LinkedIn profiles and information from previous infostealer infections.

Read the Full Story Here

Source: Cybersecurity News