Amazon Employee Information Compromised in Recent Vendor Cyber-Attack

Amazon Employee Information Compromised in Recent Vendor Cyber-Attack

“`html


Amazon confirms employee data breach after vendor hack

Amazon Confirms Employee Data Breach After Vendor Hack

In an alarming development, global e-commerce giant Amazon has confirmed a significant data breach that exposed sensitive employee information.

The breach appears to have emanated from a cyber attack on MOVEit, a secure file transfer system in May 2023.

Hack Detailed

The breach came to light after details purportedly stolen from MOVEit started surfacing on various hacktivist forums.

Investigations by independent cybersecurity researchers traced the posted dataset back to Amazon, revealing that a significant volume of the company’s employee data had potentially been compromised.

Amazon’s Response

Amazon swiftly acknowledged the breach, revealing that it primarily affected non-customer data. “We’re currently investigating the incident and ensuring the safety of our systems and data.

At this stage, it largely involves our employees’ data, and we’ve yet to find any evidence of customer information being affected,” said an Amazon spokesperson.

Business Vendor Attacks: A Rising Threat

Incidents like the MOVEit attack underline a rising trend of adversaries targeting business vendors to access larger organisations’ data.

Other prominent examples of such supply chain attacks include the SolarWinds hack and the more recent Kaseya ransomware attack. (source)

Advice for Professionals

As a cybersecurity professional, it’s of utmost importance to ensure the security of not only your own network, but also your business partners’.

Vendors and third-party service providers can often serve as entry points for cybercriminals.

Conducting regular security audits, enforcing strict security policies, and utilising a zero-trust security model are effective measures to thwart such threats.

Follow-Up Reading



“`

AegisLens

Stay ahead of cyber threats with AegisLens. Get real-time CVE updates, expert insights, and tools to secure your world. #CyberSecurity #ThreatIntel #Infosec

Leave a Reply