Amazon confirmed that over 2.86 million of the more than 5 million records of employee data was exposed in a breach linked to the MOVEit vulnerability (CVE-2023-34362).
According to The Register*, the breach affected a property management vendor, compromising work contact information such as email addresses, phone numbers, and building locations.
Although many companies were listed as being affected, Amazon was named as having the most exposed records – over 2.86 million of the more than 5 million records. The data is being distributed on BreachForums by a user named Nam3L3ss, although the initial vulnerability was exploited by the Cl0p ransomware group.
The latest discovery highlights the ongoing and long-lasting vulnerabilities seen within supply chain securities including the critical need for better risk management. Despite the original MOVEit vulnerability being located and patched last year, organisations are still experiencing problems, which highlights the prolonged impact that supply chain attacks can have on security frameworks and beyond. This incident should also act as a reminder that even major technology companies with advanced security measures are still susceptible to third party vulnerabilities.
by Jake Moore, ESET
*ESET does not bear any responsibility for the accuracy of this information.
ESET Ireland 