Delta Air Lines and Amazon have confirmed a data breach at a third-party vendor that was compromised through the MOVEit file transfer vulnerability, reigniting concerns about the extensive cyberattacks linked to this platform. This disclosure comes as a hacker known as “Nam3L3ss” released additional data from the initial MOVEit breaches, claiming further revelations targeting prominent organizations.
The Breach and Its Scope
Both companies emphasized that the compromised data was limited to employee directory information. A Delta spokesperson clarified that the breach involved data sourced from a third-party partner and not their internal systems. The information, described as non-sensitive, included names, contact details, and office locations. “Delta teams work continuously to safeguard Delta’s data as the security and integrity of that information is of the utmost importance,” the spokesperson said.
Similarly, Amazon stated that the vendor stored work contact information such as email addresses, desk phone numbers, and building locations. An Amazon representative assured that no sensitive information like Social Security numbers or ID details was involved. They confirmed that the vendor had since addressed the MOVEit vulnerability.
Despite these reassurances, the incident has heightened concerns over data security, as both companies were named among 25 organizations in a dark web post by “Nam3L3ss.”
MOVEit Vulnerability and Its Fallout
The MOVEit breaches first came to light in May 2023, exposing a serious vulnerability in Progress Software’s widely used file transfer tool. According to cybersecurity firm Emsisoft, these attacks affected over 2,700 organizations, exposing data for nearly 96 million individuals. The Clop ransomware gang has been identified as the primary actor behind the attacks, reportedly earning between $75 million and $100 million in ransom payments.
The MOVEit breach has resulted in widespread repercussions, including over 100 lawsuits against Progress Software. Dozens of government agencies and Fortune 500 companies were impacted, sparking international outrage and calls for greater accountability in cybersecurity.
Renewed Concerns Following Dark Web Posts
Nam3L3ss’ recent claims on the dark web have revived fears over the MOVEit breaches. The hacker shared data purportedly from the May 2023 attacks, including detailed employee directories from 25 major organizations. Cybersecurity firm Hudson Rock verified the legitimacy of the leaked data, which included names, email addresses, phone numbers, and organizational details. Experts warned this type of data is highly valuable to cybercriminals for phishing, identity theft, and social engineering schemes.
Hudson Rock’s CTO, Alon Gal, noted uncertainty over whether Nam3L3ss is directly linked to Clop or simply publicizing remaining stolen data. Regardless, the move has increased the visibility of sensitive corporate information, potentially exacerbating the damage.
Motivations and Further Threats
In dark web postings, Nam3L3ss denied being a hacker, instead claiming to download data from unsecured platforms or ransomware sites. The individual expressed anger towards companies failing to protect user information, citing a personal motivation rooted in a controversy involving a cybersecurity researcher sued in Columbus, Ohio, for analyzing city data stolen in a ransomware attack.
“The last straw came for me when Andy Ginther, mayor of Columbus, Ohio, decided to sue Connor Goodwolf for talking about how the Mayor was downplaying the scope of their ransomware attack,” Nam3L3ss wrote. The hacker has threatened further releases, stating they possess extensive data spanning a decade and promising “1,000 releases coming.”
Security Implications
The MOVEit breaches underscore the persistent threat posed by vulnerabilities in third-party tools. While companies like Delta and Amazon have taken steps to secure their systems, the reliance on external vendors amplifies risk. The leaked employee directories provide a wealth of information that malicious actors could exploit for fraud or targeted attacks.
This incident serves as a stark reminder of the need for robust cybersecurity measures, especially among third-party providers handling sensitive corporate data. Organizations must prioritize transparency and swift action in the face of breaches to mitigate risks and rebuild trust with stakeholders.
Conclusion
The MOVEit file transfer vulnerability has had a cascading impact, affecting thousands of organizations and exposing millions of records. As new data emerges, the focus remains on strengthening cybersecurity defenses and holding third-party vendors accountable for lapses. For companies like Delta and Amazon, the incident highlights the importance of vigilant monitoring and proactive measures to secure employee and customer data against evolving cyber threats.