Amazon Confirms Employee Data Stolen Due To Last Year's MOVEIT Hacker

Illustration of Amazon's office (photo: Pluang)

JAKARTA - Amazon has confirmed the theft of employee data, following a hack that occurred on the Transfer MOVEIT last year, which is also their third-party vendor.

However, in a statement given to TechCrunch, Amazon spokesperson Adam Montgomery ensured that all Amazon and AWS systems remained safe.

The Amazon and AWS system remains safe, and we haven't experienced any security events. We were informed of a security incident at one of our property management vendors affecting some of its customers including Amazon," Montgomery said.

However, he did not provide more details on how much employee data was affected by the incident. Because according to him, third-party vendors do not have access to sensitive data such as social security numbers or other financial information.

"The only Amazon information involved is employee office contact information, such as office email addresses, desk phone numbers, and building locations," he continued.

In 2023, there has been a huge hack exploiting zero-day vulnerabilities in the Progress Software file transfer software from MOVEIT.

The hack, claimed by ransomware groups, resulted in more than 1,000 organizations, including the Oregon Department of Transport (3.5 million stolen records), the Colorado Department of Health Care Policy and Financing (four million), and the US government service contract giant

Amazon's confirmation emerged after a perpetrator claimed to have published data stolen from Amazon on the well-known hacking site BreachForums.

The hacker claims to have more than 2.8 million lines of data, which they said were stolen during last year's mass exploit of the Transfer MOVEit.