A hacker has published large datasets containing information on millions of employees of major companies such as Amazon, MetLife and HSBC on an illegal forum. This data was likely stolen during attacks on a vulnerability in the MOVEit software that began in May 2023.
According to Israeli cybersecurity firm Hudson Rock, the hackers known as Nam3L3ss exposed at least 25 CSV data sets containing information about employees of large companies. The largest leak is from Amazon, containing 2,861,111 records with full name, job title, cost center code and name, phone number, and email address.
Hudson Rock experts confirmed the authenticity of the data by checking it against LinkedIn profiles and other data. The hackers also said that what was made public was only a small portion of the information available and that they planned to make thousands more such disclosures. The data leak is linked to a critical vulnerability in MOVEit Transfer, which hackers led by the Russian Cl0p group used to steal data from thousands of organizations around the world. This incident sends a powerful message to companies using MOVEit and similar file transfer systems about the importance of data protection.
Hudson Rock warns that the data leak could be used for phishing, social engineering, corporate espionage and other threats. Companies are encouraged to immediately apply security updates, conduct audits, train employees and limit access to sensitive information.