
MOVEit data on 760,000 employees leaked online

Data from the biggest exfiltration of 2023 is now appearing online.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Last year, numerous organizations fell victim to a breach in managed file transfer software MOVEit. The who’s who of targeted organizations included everything from British Airways and the BBC to multiple US government agencies, with authorities blaming a Russian ransomware gang named Cl0p.

As of July 2023, security firm Emsisoft estimated the number of breached organizations at nearly 2,800, with personal information on almost 96 million individuals stolen. (The Verge dubbed the affair the single biggest data theft of 2023.) Now, someone using the handle “Nam3L3ss” is leaking some of that data online, The Register reported.

That person (or persons) had begun posting personal details of Amazon employees and those of other companies in November, but data scrubbing firm Atlas Privacy’s Chief Strategy Officer Zack Ganot told The Register even more information is going up. The list of firms includes Xerox, Koch, Nokia, Bank of America, Bridgewater, Morgan Stanley, and JLL, and the leaked portions cumulatively account for around 760,000 employee entries.

“This data is a goldmine for social engineering,” Ganot told The Register, adding that it contains everything from phone numbers and badge details to roles and org charts at the companies.

MOVEit was a juicy target for the hackers, who exploited a (since-patched) zero-day SQL injection vulnerability that allowed for privilege escalation and unauthorized access to file transfers—essentially allowing them to scoop up data whenever it was moved in bulk. As researchers from Check Point noted, the attack mirrored a general trend in which threat actors have shifted from encrypting corporate data (as in ransomware) to stealing unencrypted data as leverage in extortion.

“If a company or government agency is stupid enough not to encrypt its data during transfers or if an admin is too stupid or too lazy to password protect their online storage that is on them,” the Nam3L3ss account previously posted on a cybercrime forum, according to research from Searchlight Cyber shared with Computer Weekly. “The world should know exactly what these companies and government agencies are leaking.”

According to Computer Weekly, the operator(s) of the account also claimed to be unaffiliated with any hacking group, and it remains unclear whether they have any actual affiliation with Cl0p.

Potentially impacted workers can check to see if their data is in the breach at databreach.com, where Atlas Privacy keeps a directory of known bulk data leaks.
