Data Vigilante publishes 8 million employee data from Amazon, HP and others

Aftermath of the MOVEit vulnerability: Data protection agency “Nam3L3ss” publishes almost 8 million employee records from industry giants such as Amazon, 3M, HP and Delta, exposing cybersecurity gaps in large companies.

A “data vigilante” under the pseudonym Nam3L3ss has leaked millions of employee records from global industry giants in connection with the widespread distribution MOVEit vulnerability. FYI: The MOVEit vulnerability is a security flaw in the MOVEit file transfer software that many organizations use to exchange sensitive data.

Nam3L3ss, who denies being a hacker, began leaking the data on Friday, November 8, 2024. To date, sensitive and non-sensitive records from 27 companies, totaling 7,952,414 employee records, have been exposed. This includes 2,861,111 records from Amazon employees, a breach acknowledged by the company.

“Amazon and AWS systems remain secure and we have not experienced a security event. “We have been notified of a security incident at one of our property management providers that affected several of its customers, including Amazon,” Amazon spokesperson Adam Montgomery told Hackread.com. “The only Amazon information involved was employee business contact information, such as work email addresses, landline phone numbers and building locations.”

Data analysis

Hackread.com's research team conducted an in-depth analysis of each file leaked by Nam3L3ss and found that the data includes full names, email addresses, phone numbers, office addresses, home addresses, company names, location coordinates, and more.

List of affected companies and number of employees

3M: 48,630 employees

HP: 104,119 employees

Delta: 57,317 employees

MetLife: 585,130 employees

Amazon: 2,861,111 employees

McDonald's: 3,295 employees

Lenovo: 45,522 employees

TIAA: 2,464,625 employees

CalSTRS: 422,311 employees

BT: 15,347 employees

URBN: 17,553 employees

Leidos: 52,610 employees

UBS: 20,462 employees

HSBC: 280,693 employees

Firmenich: 13,248 employees

U.S. Bank: 114,076 employees

Canada Post: 69,860 employees

Westinghouse: 18,193 employees

Rush University: 15,853 employees

Omnicom Group: 37,320 employees

Charles Schwab: 49,356 employees

City National Bank: 9,358 employees

Applied Materials: 53,170 employees

Cardinal Health: 407,437 employees

Bristol-Myers Squibb: 37,497 employees

TIAA (additional listing): 23,857 employees

Fidelity Investments: 124,464 employees

The Nam3L3ss Manifesto: Motivation and Methodology

In a post on Breach Forums, Nam3L3ss outlined their “manifesto” to explain who they are and why they are disclosing data. According to the post, they monitor misconfigured and unsecured cloud databases across various services, including AWS Buckets, Azure, Digital Ocean, Google, as well as FTP and MongoDB servers, to extract and make this data public.

Nam3L3ss also claims to monitor ransomware groups, analyze stolen data, clean it by removing duplicates and irrelevant information, and then publish it online. For example, the leaked MetLife employee directory came from MetLife, a global financial services company that suffered a ransomware attack in 2023.

The Cl0p ransomware gang exploited MOVEit extensively, targeting hundreds of organizations worldwide. Even you has created clear leak sites the stolen data in July 2024.

Ferhat DikbiyikChief Research and Intelligence Officer at Black Kite, commented on the recent Amazon data breach, stating that Amazon's recent data breach, which resulted from a third-party vendor's use of the MOVEit tool, is another wake-up call for the supply chain.

“Amazon’s recent data breach resulting from a third-party vendor’s use of the MOVEit tool is another wake-up call to the hidden vulnerabilities of the supply chain. The MOVEit bug initially affected hundreds, but the shockwave spread to more than 2,700 companies as the impact also reached third and even fourth-party vendors,” Ferhat said.

“We have identified over 600 MOVEit servers that were likely affected by this 'spray' attack – leaving a huge field of potential targets,” he explained. “CL0P ransomware, the group exploiting this vulnerability, has named 270 victims in three months and the number is still rising.”

“With 200 to 400 organizations believed to have paid ransoms, the real impact goes far beyond these numbers. This breach highlights that ransomware risk doesn't end at your organization's doorstep. In today’s ecosystem, risk management must extend across the entire supply chain to truly protect against the next big attack.”

Data protection officer?

Although the term “data vigilante” is controversial, Nam3L3ss expresses frustration that companies and government institutions have failed to secure their networks. By sharing this data, they aim to raise awareness about data security and promote better cybersecurity practices.

Impact of the data leak and advice for employees

Although passwords and financial data were not included in the leaked files, the disclosure poses significant risks for companies and employees. Threat actors, particularly state-sponsored groups like North Korea's Lazarus GroupThey have been known to exploit such data to launch phishing scams, steal cryptocurrencies, and access financial information that could help them economy of the country.

If you work for one of the affected companies, be aware of email phishing scams, SMS phishing scams (smishing), and voice phishing scams (vishing), as attackers may attempt to exploit this data to launch additional scams.

RELATED TOPICS

1. Hacker leaks thousands of Microsoft and Nokia employee data
2. Hackers call employees to steal VPN credentials from US companies
3. Hacker leaks data of 33,000 Accenture employees in third-party data breach
4. Shadow IT: Personal GitHub repos reveal employee cloud secrets
5. Indian former employee jailed for deleting 180 virtual servers in Singapore