Hacker leaks employee data from dozens of companies on the dark web
A threat actor called Nam3L3ss has published large datasets containing millions of records of employee data from numerous major companies, including Amazon, HP, and McDonald’s.
According to cybersecurity firm Hudson Rock, the data that has been released is most likely related to the MOVEit Transfer incident of last year.
MOVEit Transfer is an application that many companies and organizations use to exchange files. In May 2023, developer Progress announced that the software contained a zero-day exploit, allowing hackers to bypass authentication and access sensitive data.
Hacking group Cl0p claimed to have attacked ‘hundreds’ of companies and organizations by exploiting this vulnerability. Dozens of victims confirmed they had been struck, including British Airways, BBC, Gen Digital, and the government of the Canadian province of Nova Scotia.
On Monday, Nam3L3ss released employee directories from 25 major organizations. The datasets contained detailed employee information, including full names, email addresses, phone numbers, job titles, job descriptions, and so on.
One of the companies whose employee information was published is Amazon. Spokesperson Adam Montgomery confirmed that the data was stolen from systems belonging to a third party vendor.
“Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations,” Montgomery told BleepingComputer.
Other companies whose employee information was leaked include MetLife, Cardinal Health, HSBC, Fidelity, U.S. Bank, HP, Canada Post, Delta Airlines, Applied Materials, Leidos, Charles Schwab, 3M, Lenovo, Bristol Myers Squibb, Omnicom Group, TIAA, Union Bank of Switzerland (UBS), Westinghouse, Urban Outfitters, Rush University, British Telecom, Firmenich, City of National Bank (CNB), and McDonald’s.
“Hudson Rock researchers were able to verify the authenticity of the data by cross-referencing emails from the leaks to Linkedin profiles of employees, and to emails found in Infostealer infections where employees in the affected companies were involved,” Hudson Rock’s report says.
The cybersecurity firm is warning victims of potential risks and consequences that could arise from the data breach, including phishing and social engineering attacks, corporate espionage, reputational damage, and financial theft and fraud.
“For companies impacted, it’s essential to conduct thorough incident response actions, protect affected employees, and rebuild client trust. Moving forward, the MOVEit incident underlines the importance of staying updated on vulnerabilities, especially for any software used to manage or transfer sensitive data,” researchers conclude.
Your email address will not be published. Required fields are marked