A threat actor has leaked the data of a number of major companies online that are believed to have been hit in the MOVEit hack from last year.
A threat actor using the moniker Nam3L3ss leaked 25 CSV datasets of companies, including Amazon, HSBC, Cardinal Health, MetLife, Fidelity, U.S. Bank, McDonald’s, Delta Airlines, Leidos, HP, and more, according to Israeli cyber security firm Hudson Rock.
The datasets reportedly contain employee data such as full names, titles, phone numbers, email addresses, and other role data.
“Such data could serve as a goldmine for cyber criminals seeking to engage in phishing, identity theft, or even social engineering attacks on a large scale,” said Hudson Rock.
The leak hit Amazon the hardest, with 2,861,111 records leaked, over 2 million more than the second-largest leak – MetLife, with 585,130.
In a post on a popular hacking forum where the data was leaked, Nam3L3ss said the data was sourced through a MOVEit vulnerability on 31 May 2023, not long after vulnerability CVE-2023-34362 was discovered.
In another post during communications with Hudson Rock, the threat actor said they had “1,000 releases coming, never seen before”, adding that what has been seen is “less than .001 per cent of the data” they have.
Despite leaking the data, Nam3L3ss told Hudson Rock that they are “NOT a hacker, nor have [they] ever tried to blackmail anyone”, adding that they would reveal the reason for the leak after confirming Hudson Rock was media. The threat actor is allegedly preparing a write-up for the cyber security firm. Cyber Daily will provide an update when the write-up is released.
Based on Hudson Rock’s investigation, the data appears to be legitimate. The cyber firm said it was able to confirm that the HSBC data leaked was real.
“Hudson Rock researchers were able to verify the authenticity of the data by cross-referencing emails from the leaks to LinkedIn profiles of employees, and to emails found in info-stealer infections where employees in the affected companies were involved,” the cyber firm said.
Additionally, Amazon confirmed to media that employee data was compromised following a third-party “security event” involving MOVEit.
“Amazon and AWS systems remain secure, and we have not experienced a security event,” said Amazon spokesperson Adam Montgomery.
“We were notified about a security event at one of our property management vendors that impacted several of its customers, including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations.”
Despite the belief that the data was stolen in the MOVEit data breach from last year, Hudson Rock has so far been unable to confirm whether or not Nam3L3ss is connected to the Clop ransomware gang, which was behind the MOVEit incident.
The MOVEit supply chain attack occurred after the Clop ransomware gang targeted the above vulnerability in Progress Software’s MOVEit file transfer software, allowing it to exfiltrate data from a number of high-profile organisations such as the BBC, British Airways, PwC, Medibank, Shell, Estée Lauder, Deloitte, the University of Sydney, Transport for London and more.
US government and defence agencies were also affected, exposing over 632,000 defence and justice department emails. Eventually, Clop dumped all the stolen data online.