MOVEit fallout: hackers leak employee data from Amazon, MetLife, HSBC, and other major companies


A threat actor on an illicit forum has posted massive datasets with millions of records containing employee information from major companies, likely stolen during last year's MOVEit vulnerability hacking spree.

The Israeli cybersecurity firm Hudson Rock has discovered that a hacker operating under the alias Nam3L3ss posted at least 25 CSV datasets with employee data from major organizations.

Among the leaked files, Amazon stands out as the largest, with 2,861,111 records. The dataset reveals sensitive information about employees, including full names, titles, cost center codes and names, phone numbers, and email addresses.

“This structured data reveals not only contact information but also sensitive details about organizational roles and department assignments, potentially opening doors to social engineering and other security threats,” Hudson Rock researchers said in a report.

Hundreds of thousands of records were also leaked in datasets labeled as belonging to MetLife (585,130 records), Cardinal Health (407,437), HSBC (280,693), Fidelity, US Bank, and HP.

Tens of thousands of employees were exposed in the datasets allegedly belonging to Canada Post, Delta Airlines, Applied Materials, Leidos, Charles Schwab, 3M, Lenovo, Bristol Myers Squibb, Omnicom Group, TIAA, Union Bank of Switzerland, Westinghouse, Urban Outfitters, Rush University, British Telecom, and Firmenich.

The two smallest files contain 9,358 records from City National Bank and 3,295 entries from McDonald’s.

“Hudson Rock researchers were able to verify the authenticity of the data by cross-referencing emails from the leaks to LinkedIn profiles of employees, and to emails found in Infostealer infections where employees in the affected companies were involved,” the report reads.

The threat actor responded to the researcher’s inquiry and said that the leak only represents a fraction of what they possess.

“What you have seen so far is less than .001% of the data I have,” Nam3L3ss stated. “I have 1,000 releases coming never seen before.”

The threat actor insisted they weren't the hacker, nor had they “ever tried to blackmail anyone.”

The stolen data dates back to May 2023 and appears to be linked to the MOVEit Zero-Day cyber heist, which compromised thousands of organizations globally. Exploiting a critical flaw in MOVEit Transfer software, attackers – primarily the Russia-linked ransomware group Cl0p – gained access and stole vast amounts of sensitive data.

Hudson Rock warns that the exposed data could have severe implications for the companies and employees exposed, as it could be used for phishing and social engineering attacks, corporate espionage, financial fraud, and reputational damage.

“For companies using MOVEit or similar file transfer systems, the incident is a wake-up call,” Hudson Rock said.

The company recommends tightening security practices, such as applying security patches immediately, conducting security audits, training employees, and restricting data access.