Amazon has confirmed a data breach that exposed its employees’ work email addresses, phone numbers, and office locations due to a security incident involving one of its property management vendors, as first reported by 404 Media.
An Amazon spokesperson, Adam Montgomery, clarified to The Verge that the breach was linked to a security event at the vendor, affecting Amazon along with other major clients.
The confirmation follows a report by cybercrime firm Hudson Rock, which found the leaked information posted on a hacking forum. The breach impacts Amazon and 25 other entities, including MetLife, HP, HSBC, and Canada Post. According to Hudson Rock, the exposed data dates back to May 2023 and is tied to a significant vulnerability in the MOVEit file transfer system, which had previously affected the BBC, British Airways, Sony, and the U.S. Department of Energy.
Montgomery assured that Amazon’s internal systems, including AWS, remain secure and that the breach only involved basic work contact information—no sensitive details such as social security numbers, government IDs, or financial data were affected. Still, a screenshot of the forum post indicates that over 2.8 million entries are in the Amazon dataset. The incident underscores the ongoing vulnerabilities in third-party file transfer systems like MOVEit, which continue to impact major companies worldwide.
