The breach, linked to CVE-2023-34362, has affected companies across various sectors, including technology, finance, healthcare, and retail.
According to the Hudson Rock post and the posts on the hacker's forum, an individual operating under the username Nam3L3ss has published extensive employee directories containing sensitive information from prominent organizations.
Amazon is the most heavily impacted, with approximately 2.86 million employee records exposed. Other significantly affected companies include MetLife (585,130 records), Cardinal Health (407,437 records), and HSBC (280,693 records).
Image: Snippet from the data related to Amazon.com (credit: Hudson Rock)
Image: Snippet from the data related to HSBC.com (credit: Hudson Rock)
The compromised data includes detailed employee information such as names, email addresses, phone numbers, cost center codes, and, in some cases, complete organizational structures.
For instance, the Amazon dataset contains fields including employee names, cost center information, phone numbers, and job titles, while the HSBC dataset includes employee status, company codes, and location information spanning multiple countries.
Amazon Confirms Data Leak
Amazon has confirmed the leak of employee data. A statement given to 404media via email read:
“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about [a] security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,”
Hudson Rock researchers noted they have verified the authenticity of the data through cross-referencing with LinkedIn profiles and other verification methods.
According to the Hudson Rock researchers, who contacted the hacker, the leak is just a tiny portion of the hacker's data. The published data represents less than 0.01% of the total information obtained, and the hacker intends to share more in the next few days.
The vulnerability in MOVEit, discovered in mid-2023, allowed attackers to bypass authentication and access sensitive data. While previous exploits of MOVEit were attributed to the CL0P ransomware group, researchers cannot yet confirm whether this specific breach is connected to CL0P or its affiliates, or represents a separate security incident.
However, in one post, Nam3L3ss noted that they track all of the Ransom Group sites and have their own tool to auto-find open buckets on AWS, Azure, and other sites.
“I track all of the Ransom Group sites and have my own tools that auto-find AWS, Azure, and other sites' open buckets.
I download everything I can from Ransom Group TOR sites, and from open cloud services.
Once I have it I then clean the data and remove duplicates from the source and sometimes remove fields/columns where the data is useless.
I download entire databases from exposed web sources including mysql, postgres, SQL Server databases and backups, azure databases and backups etc and then convert them to csv or other format.” - Hacker wrote
Companies Impacted
Here is the list of the companies whose data has been leaked by the hacker.
Company Name | Domain | Records Exposed |
---|---|---|
Amazon | amazon.com | 2,861,111 |
MetLife | metlife.com | 585,130 |
Cardinal Health | cardinalhealth.com | 407,437 |
HSBC | hsbc.com | 280,693 |
Fidelity | fmr.com | 124,464 |
HP | hp.com | 104,119 |
Canada Post | canadapost.postescanada.ca | 69,860 |
Delta Airlines | delta.com | 57,317 |
Applied Materials | amat.com | 53,170 |
Leidos | leidos.com | 52,610 |
Charles Schwab | schwab.com | 49,356 |
3M | 3m.com | 48,630 |
Lenovo | lenovo.com | 45,522 |
Bristol Myers Squibb | bms.com | 37,497 |
Omnicom Group | omnicomgroup.com | 37,320 |
TIAA | tiaa.org | 23,857 |
UBS | ubs.com | 20,462 |
Westinghouse | westinghouse.com | 18,193 |
Urban Outfitters | urbn.com | 17,553 |
Rush University | rush.edu | 15,853 |
British Telecom | bt.com | 15,347 |
Firmenich | firmenich.com | 13,248 |
City National Bank | cnb.com | 9,358 |
McDonald's | mcd.com | 3,295 |
The breach holds severe implications, not only for the companies involved but also for the individual employees whose data has been compromised.
With over 5 million employee records exposed, cybersecurity experts express deep concern about the potential for highly targeted phishing campaigns and social engineering attacks. Companies in the financial sector, particularly HSBC, UBS, and Cardinal Health, face heightened risks of sophisticated fraud schemes targeting their operations.
Major corporations like Amazon, MetLife, and McDonald's face significant reputational risks as customer trust in their data security measures may waver. The exposure of detailed organizational structures and employee information, including names, email addresses, and cost center codes, creates vulnerable points for malicious actors to exploit.
This incident serves as a crucial reminder of the importance of prompt vulnerability management and robust cybersecurity measures across all industries.
Organizations using MOVEit or similar file transfer systems should prioritize security updates and monitor their data transfer systems. They should also perform a security audit and implement stricter data access controls and segmentation.