MoveIT Breach – The Gift That Keeps on Giving

For a while I had a counter on the weekly newsletter of the number of victims. At some point it seems to have calmed down. Now the hacker has released more data, including Amazon employee data. The hacker said that what you have seen is less than 0.001 percent of the data he/she has. He/she says he has over 250 terabytes of data.

This shows you how long the tail of a breach is. More than a year later, new victims are being outed.

The Amazon data loss is more than 2.8 million “lines of data”. One assumes this means 2.8 million employees.

In late 2023, the count of the number of organizations affected was over 2,500 COMPANIES representing the data of 77 million people.

The data in these attacks can be used for many purposes. For example, internal organization data and emails gives hackers style information to mimic and organization structure is fodder for social engineering. If you get an email from your boss’s boss’s boss, you are likely to act on it without questioning it.

One more time, this is an example of a third party breach as all of the victims were customers of Progress Software who makes MoveIT.

Supply chain attacks are very popular and this is a good reason why. One attack and you get data on 2,600 companies and 77 million people. That is hard to do any other way.

Now would be a good time to review your vendor risk program and if you need help with that, please contact us.

Credit: Bleeping Computer , Forbes, and The Register

by