Huge amounts of employee data from Amazon and HSBC have been leaked

A threat actor with the online nickname “Nam3L3ss” has leaked employee data from a number of companies – including Amazon, 3M, HSBC and HP – allegedly during the Cl0p ransomware gang’s MOVEit hack in May 2023 that affected British Airways The BBC, Aer Lingus, Boots were compromised. Zellis and others.

Nam3L3ss’ post reveals Amazon employee data (Source: Hudson Rock)

More data leaks announced

“The stolen data, dating back to May 2023, includes employee directories from 25 major organizations,” said Alon Gal, CTO of cybercrime intelligence firm Hudson Rock.

Here is the list of affected companies, along with the number of compromised/leaked records (as stated by the threat actor on BreachForums):

• Amazon — 2,861,111 records
• MetLife — 585,130 records
• Cardinal Health — 407,437 records
• HSBC — 280,693 records
• Loyalty (fmr.com) — 124,464 records
• US Bank — 114,076 records
• P.S — 104,119 records
• Canada Post — 69,860 records
• Delta Airlines — 57,317 records
• Applied Materials (AMAT) — 53,170 records
• Leidos — 52,610 records
• Charles Schwab — 49,356 records
• 3M — 48,630 records
• Lenovo — 45,522 records
• Bristol Myers Squibb — 37,497 records
• Omnicom Group — 37,320 records
• TIAA — 23,857 records
• Swiss Bank Corporation (UBS) — 20,462 records
• Westinghouse — 18,193 records
• Urban Outfitters (URBN) — 17,553 records
• Rush University — 15,853 records
• British Telecom (BT) — 15,347 records
• Company i — 13,248 records
• Municipal National Bank (CNB) — 9,358 records
• McDonald’s — 3,295 records

The Hudson Rock researcher contacted Nam3L3ss, who said more data would be leaked in the following days.

“Researchers cannot yet confirm whether the data came from CL0P or its affiliates, or whether Nam3L3ss exploited these companies itself,” Gal added.

Amazon confirms data leak

Hudson Rock compared emails from the Amazon and HSBC datasets to employees’ LinkedIn profiles, as well as emails found in infostealer infections involving employees of those companies, and confirmed that the leaks Data is authentic.

Amazon has also confirmed it. Spokesman Adam Montgomery has told the media that the leaked data includes employees’ work contact information – e.g. Such as work email addresses, landline phone numbers and building locations – and that they do not come from Amazon, but from one of the company’s property management providers.

According to the VX Underground collective, the leaked Amazon dataset contains employee information but also details about Amazon’s physical locations and associated costs.

“None of the data (as we have seen so far) contains customer information,” said Hudson Rock, but the detailed employee information can be abused by various threat actors to launch fraudulent schemes and highly personalized phishing and social engineering attacks against the employees affected companies and carry out identity theft.