Follow Cyber Kendra on Google News! | WhatsApp | Telegram

MOVEit Hack - Amazon, McDonald’s, HSBC, HP and Many Employee Data Leak

Employee Data Leak
A significant data breach stemming from a vulnerability in MOVEit file transfer software has resulted in the exposure of over 5 million employee records from 25+ major global organizations. 

The breach, linked to CVE-2023-34362, has affected companies across various sectors, including technology, finance, healthcare, and retail.

According to the Hudson Rock post and the posts on the hacker's forum, an individual operating under the username Nam3L3ss has published extensive employee directories containing sensitive information from prominent organizations. 

Amazon is the most heavily impacted, with approximately 2.86 million employee records exposed. Other significantly affected companies include MetLife (585,130 records), Cardinal Health (407,437 records), and HSBC (280,693 records).

Amazon.com Employee Data leak
Snippet from the data related to Amazon.com | Image: Hudson Rock

HSBC.com Employee Data leak
Snippet from the data related to HSBC.com | Image: Hudson Rock

The compromised data includes detailed employee information such as names, email addresses, phone numbers, cost center codes, and, in some cases, complete organizational structures. 

For instance, the Amazon dataset contains fields including employee names, cost center information, phone numbers, and job titles, while the HSBC dataset includes employee status, company codes, and location information spanning multiple countries.

Amazon Confirms Data Leak

Amazon has confirmed the leak of employee data. A statement was given to the 404media via email read -

“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about [a] security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” 

Hudson Rock researchers noted they have verified the authenticity of the data through cross-referencing with LinkedIn profiles and other verification methods. 

According to the Hudson Rock researchers, who contacted the hacker, the breach is just a tiny portion of their data.  The published data represents less than 0.01% of the total information obtained, which they intend to share more about in the next few days. 

The vulnerability in MOVEit, discovered in mid-2023, allowed attackers to bypass authentication and access sensitive data. While previous exploits of MOVEit were attributed to the CL0P ransomware group, researchers cannot yet confirm whether this specific breach is connected to CL0P, its affiliates or represents a separate security incident.

However, in one post, Nam3l3ss noted that he/she tracks all of the Ransom Group sites and has his/her own tool to auto-find AWS, Azure, and other sites' open buckets.

Nam3Less info

I track all of the Ransom Group sites and have my own tools that auto-find AWS, Azure, and other sites' open buckets.

I download everything i can from Ransom Group TOR sites, and form open cloud services

Once I have it I then clean the data and remove duplicates from the source and sometimes remove fields/columns where the data is useless. - Hacker wrote

I download entire databases from exposed web sources including mysql, postgres, SQL Server databases and backups, azure databases and backups etc and then convert them to csv or other format.

Companies Impacted

Here is the list of the companies whose data has been leaked by the hacker. 

Company Name Domain Records Exposed
Amazon amazon.com 2,861,111
MetLife metlife.com 585,130
Cardinal Health cardinalhealth.com 407,437
HSBC hsbc.com 280,693
Fidelity fmr.com 124,464
HP hp.com 104,119
Canada Post canadapost.postescanada.ca 69,860
Delta Airlines delta.com 57,317
Applied Materials amat.com 53,170
Leidos leidos.com 52,610
Charles Schwab schwab.com 49,356
3M 3m.com 48,630
Lenovo lenovo.com 45,522
Bristol Myers Squibb bms.com 37,497
Omnicom Group omnicomgroup.com 37,320
TIAA tiaa.org 23,857
UBS ubs.com 20,462
Westinghouse westinghouse.com 18,193
Urban Outfitters urbn.com 17,553
Rush University rush.edu 15,853
British Telecom bt.com 15,347
Firmenich firmenich.com 13,248
City National Bank cnb.com 9,358
McDonald's mcd.com 3,295

The breach holds severe implications, not only for the companies involved but also for the individual employees whose data has been compromised. 

With over 5 million employee records exposed, cybersecurity experts express deep concern about the potential for highly targeted phishing campaigns and social engineering attacks. Companies in the financial sector, particularly HSBC, UBS, and Cardinal Health, face heightened risks of sophisticated fraud schemes targeting their operations. 

Major corporations like Amazon, MetLife, and McDonald's face significant reputational risks as customer trust in their data security measures may waver. The exposure of detailed organizational structures and employee information, including names, email addresses, and cost center codes, creates vulnerable points for malicious actors to exploit.

This incident serves as a crucial reminder of the importance of prompt vulnerability management and robust cybersecurity measures across all industries. 

Organizations using MOVEit or similar file transfer systems should prioritize security updates and monitor their data transfer systems. Should perform a security audit and implement stricter data access controls and segmentation

Post a Comment