Key TakeawaysAmazon was recently hit by a data breach that compromised the personal details of 2.8 million employees.The main vulnerability lies in a file transfer software called MOVEit. Amazons property service management vendor used this software for its internal operations.So when the hacker group, identified as Nam3L3ss, struck and stole the data of 25 organizations, Amazon became one of the victims.Amazon has confirmed a data breach that compromised the data of 2.8 million of its employees. Stolen data includes names, addresses, work phone numbers, email IDs, and building locations of affected employees.So far, it looks like sensitive information such as financial information, government IDs and Social Security numbers are safe.The companys core systems are also fine. The breach took place through a third-party vendor thats responsible for managing its property details. The vendor has not been named.Amazon also refused to comment on exactly how many employees information has been compromised. However, we managed to find the exact number through screenshots that were allegedly published by the hacker.Speaking of the hacker, a group called Nam3L3ss has claimed responsibility for the attack. They posted about their successful campaign on BreachForums where it claimed to have stolen over 250TB worth of data.It also said that the data it has published is only 0.001% of its total stock which apparently consists of information taken from over 1,000 breaches. In the end, it also warned the companies to keep an eye out for posts about the leaks, indicating that they might have very sensitive details in their hands.The breach was first noticed by cybersecurity firm Hudson Rock. In its report, it revealed that the main cause of the breach was a file transfer software called MOVEit.The unnamed vendor used this software for its internal operations, not knowing that it had a major security vulnerability.The vulnerability, which is being tracked as CVE-2023-34362, is a critical SQL injection flaw that allowed the hacker group to break into the softwares vulnerable system and extract information.By the end of the process, the group had managed to steal the data of at least 25 organizations (including Amazon) and steal 2.8 million lines of data.This isnt the first time that the MOVEit breach has affected an organization. The latest hit is part of a much larger chain of attacks that started in May last year and has affected many other renowned organizations such as Lenovo, HP, Delta Airlines, and HSBC.Progress Software, the company that owns MOVEit has also commented on the issue and said that this is not a new flaw. Instead, its an extension of the zero-day vulnerability that was discovered last year.Last year, the vulnerability was exploited by a group called the Cl0p ransomware gang. Researchers are yet to find out whether Nam3L3ss conducted an independent attack or simply bought the already stolen data from Cl0p or its associates.Regardless of whether this is a new vulnerability or not, its a major security concern. The good thing is as per reports, the unnamed vendor has already resolved the security issue.Add Techreport to Your Google News Feed Get the latest updates, trends, and insights delivered straight to your fingertips. Subscribe now! Subscribe now Krishi is an eager Tech Journalist and content writer for both B2B and B2C, with a focus on making the process of purchasing software easier for businesses and enhancing their online presence and SEO.Krishi has a special skill set in writing about technology news, creating educational content on customer relationship management (CRM) software, and recommending project management tools that can help small businesses increase their revenue.Alongside his writing and blogging work, Krishi's other hobbies include studying the financial markets and cricket. View all articles by Krishi Chowdhary Our editorial processThe Tech Reporteditorial policyis centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written byreal authors.