The recent spate of MOVEit software exploits, which began in May 2023, impacted several major organizations, with Amazon among them. Although no customer accounts were directly affected, recent news has reignited concerns over account security and data privacy. Here’s what you need to know about the incident, how Amazon responded, and how to keep your data safe.
Amazon Confirms Third-Party Data Breach
In a statement on November 11, Amazon spokesperson Adam Montgomery clarified the nature of the breach, underscoring that the issue did not originate from Amazon or Amazon Web Services. Instead, the cyberattack targeted an external property management vendor associated with Amazon. Hackers exploited an SQL vulnerability (CVE-2023-34362) in the MOVEit software, impacting several large organizations, including British Airways, the BBC, Shell, and multiple government agencies.
Understanding the Impact of the Data Breach
Cybersecurity contributor Lars Daniel reported that a hacker, known as Nam3L3ss, accessed and posted data from 25 organizations, including Amazon, amounting to over 250TB. This compromised archive includes databases from various platforms, such as MySQL, SQL Server, and Azure backups.
Were Amazon Customer Accounts Compromised?
Fortunately, the breach appears limited in scope. According to Amazon, only employee contact information—work emails, desk phone numbers, and building locations—was accessed. “Customer accounts and credentials remain unaffected,” confirmed Montgomery.
How to Protect Your Amazon Account
While there is no indication that customer accounts or passwords were compromised, it’s always wise to take proactive security measures. Here are some tips to ensure your Amazon account remains secure:
- Change Passwords Regularly: Use strong, unique passwords and update them periodically.
- Enable Two-Factor Authentication (2FA): This extra layer of protection can help prevent unauthorized access.
- Review Account Activity: Check your account for unfamiliar activity, especially after major security incidents.
- Be Cautious of Phishing Scams: Cybercriminals may use this event to create phishing attacks disguised as legitimate Amazon communications.
