It seems that this data security breach managed to disclose email addresses, phone numbers and also building locations that are connected to the Amazon employees.
Adam Montgomery, the Amazon spokesperson, stated for The Verge that the company was indeed “notified about a security event at one of our property management vendors that impacted several of its customers, including Amazon.”
This Amazon confirmation comes after a report from the Hudson Rock cybercrime firm which stated that the details and information of the Amazon employment were posted on the hacking forum and also included information about Amazon and other 25 units, such as MetLife, HP, HSBC, or Canada Post.
According to Hudson Rock, the information disclosed can be traced back to May 2023, and it’s mostly related to the MOVEit data breach from its file transfer system which was revealed last year. This security breach resulted in the Amazon account being hacked along with other affected organizations by the MOVEit data breach such as BBC, British Airways, Sony, the US Department of Energy, and many others.
However, it seems that the person who posted this Amazon employment information has much more data than what was revealed.
Montgomery stated that “Amazon and AWS systems remain secure, and we have not experienced a security event. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.”
Currently, we don't know for sure how many employees were affected by the MOVEit data breach, but from the screenshot made on the hacking forum, it seems that more than 2.8 million lines of Amazon employment data.
But Montgomery confirmed for The Verge from the Amazon account hacked event, that the security breach didn’t include the Amazon employee's social security numbers, government identity documents, or any financial information.
It remains to be seen whether this other information from the Amazon hacked event will go public, or just the already-known Amazon employee information from the security breach will remain revealed.