1 枯れ果てた名無し@転載禁止 (dcaddc77) 2024/11/12 (火) 23:22:52.037 ID:lzgF082bK
A person operating under the username Nam3L3ss has released data related to an exploited critical vulnerability in MOVEit, a file transfer software, exposing extensive employee data from prominent companies worldwide.
The vulnerability, known as CVE-2023–34362, has led to one of the most substantial leaks of corporate information last year, affecting various sectors, including finance, healthcare, technology, and retail.
The MOVEit vulnerability, discovered in mid-2023, exposed a critical flaw in the widely-used file transfer software, allowing hackers to bypass authentication and access sensitive data. This exploit was quickly weaponized, leading to numerous high-profile breaches across industries as attackers exfiltrated confidential employee and customer information from vulnerable systems.
The stolen data, which dates back to May 2023, includes employee directories from 25 major organizations. The directories contain detailed employee information, including names, email addresses, phone numbers, cost center codes, and, in some cases, entire organizational structures. Such data could serve as a goldmine for cybercriminals seeking to engage in phishing, identity theft, or even social engineering attacks on a large scale.
Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies
https://www.infostealers.com/article/massive-moveit-vulnerability-breach-hacker-leaks-employee-data-from-amazon-mcdonalds-hsbc-hp-and-potentially-1000-other-companies/
2 枯れ果てた名無し@転載禁止 2024/11/12 (火) 23:24:56.492 ID:lzgF082bK
A Timeline and Scope of the Breach
The leaked data, organized by company and dated May 2023, includes detailed employee records from some of the world’s largest companies, many with substantial global footprints. This breach emphasizes the far-reaching impact of MOVEit’s vulnerability and the risks involved when security patches aren’t applied swiftly. Here’s a breakdown of the leak by company:
Companies Impacted and Record Counts:
Amazon — 2,861,111 records
MetLife — 585,130 records
Cardinal Health — 407,437 records
HSBC — 280,693 records
Fidelity (fmr.com) — 124,464 records
U.S. Bank — 114,076 records
HP — 104,119 records
Canada Post — 69,860 records
Delta Airlines — 57,317 records
Applied Materials (AMAT) — 53,170 records
Leidos — 52,610 records
Charles Schwab — 49,356 records
3M — 48,630 records
Lenovo — 45,522 records
Bristol Myers Squibb — 37,497 records
Omnicom Group — 37,320 records
TIAA — 23,857 records
Union Bank of Switzerland (UBS) — 20,462 records
Westinghouse — 18,193 records
Urban Outfitters (URBN) — 17,553 records
Rush University — 15,853 records
British Telecom (BT) — 15,347 records
Firmenich — 13,248 records
City National Bank (CNB) — 9,358 records
McDonald’s — 3,295 records
https://i.imgur.com/OXU0o9r.jpeg
3 枯れ果てた名無し@転載禁止 2024/11/12 (火) 23:26:11.822 ID:lzgF082bK
Although many companies were listed as being affected, including HP, Applied Materials, 3M, Lenovo, British Telecom, and more, Amazon was named as having the most exposed records – over 2.86 million of the more than 5 million records.
Some of that data is being auctioned and/or distributed by a character going by Nam3L3ss on BreachForums.
"I have 1,000 releases coming never seen before," Nam3L3ss is claimed to have told Hudson Rock.
https://www.theregister.com/2024/11/12/amazon_moveit_breach/
4 枯れ果てた名無し@転載禁止 2024/11/13 (水) 01:56:33.187 ID:qhN8X1VV4
うへえ
5 枯れ果てた名無し@転載禁止 2024/11/14 (木) 11:37:32.784 ID:NjOuiFQIG
オーノー
