1 枯れ果てた名無し@転載禁止 (dcaddc77) 2024/11/12 (火) 23:22:52.037 ID:lzgF082bK
A person operating under the username Nam3L3ss has released data related to an exploited critical vulnerability in MOVEit, a file transfer software, exposing extensive employee data from prominent companies worldwide.
The vulnerability, known as CVE-2023–34362, has led to one of the most substantial leaks of corporate information last year, affecting various sectors, including finance, healthcare, technology, and retail.
The MOVEit vulnerability, discovered in mid-2023, exposed a critical flaw in the widely-used file transfer software, allowing hackers to bypass authentication and access sensitive data. This exploit was quickly weaponized, leading to numerous high-profile breaches across industries as attackers exfiltrated confidential employee and customer information from vulnerable systems.
The stolen data, which dates back to May 2023, includes employee directories from 25 major organizations. The directories contain detailed employee information, including names, email addresses, phone numbers, cost center codes, and, in some cases, entire organizational structures. Such data could serve as a goldmine for cybercriminals seeking to engage in phishing, identity theft, or even social engineering attacks on a large scale.
Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies
https://www.infostealers.com/article/massive-moveit-vulnerability-breach-hacker-leaks-employee-data-from-amazon-mcdonalds-hsbc-hp-and-potentially-1000-other-companies/