Amazon confirms employee data hacked in the biggest cyberattack of 2023: Here's what got stolen

Amazon has acknowledged a hacking incident involving a third-party vendor that compromised employee data. The breach exposed work email addresses, phone numbers, and building locations of affected employees.
While Amazon's core systems remain secure, the company emphasized that the incident occurred at a vendor responsible for property management services. The vendor, which remains unnamed, has reportedly addressed the security vulnerability that led to the data breach.

In a statement given to TechCrunch, Amazon spokesperson Adam Montgomery confirmed that employee information had been involved in a data breach. “Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Montgomery said.
Amazon, however, declined to say how many employees were impacted by the breach.
The confirmation follows claims by a threat actor known as "Nam3L3ss" who has been leaking data stolen from various organizations, including Amazon. The data, allegedly obtained through the massive MOVEit Transfer exploit in 2023, has been shared on the notorious hacking forum BreachForums.

The MOVEit hacking, one of the largest cyberattacks of 2023, exploited a zero-day vulnerability in Progress Software's file transfer application. This vulnerability allowed malicious actors to gain unauthorized access to sensitive data from numerous organizations worldwide.
In addition to Amazon, other high-profile companies such as Lenovo, HP, TIAA, BT, Schwab, HSBC, Delta, McDonald's, and Metlife have been impacted by the MOVEit breach or other data exposure incidents.