We have confirmed that employee data was involved in a recent security event at one of our third-party vendors," an Amazon spokesman said in the statement to TechCrunch on Monday.

"Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon. The only Amazon information involved was employee work contact information, for example work email addresses, desk phone numbers, and building locations," Montgomery said. 

Amazon would not comment on how many employees had been affected by the breach. The company said that the vendor, which Amazon will not identify, cannot access sensitive information that includes Social Security numbers or other financial data, and the vendor has corrected the security flaw that caused the data breach.

Confirmation comes after a threat actor came out claiming to have published exfiltrated data from Amazon on the infamous hacking platform BreachForums. The individual claims he has more than 2.8 million lines of data; this was allegedly taken during the mass exploitation conducted against MOVEit Transfer last year.
According to a report by cybersecurity firm Hudson Rock, a threat actor published data exfiltrated from 25 major organizations, as confirmed by the individual allegedly conducting the hacks. 

"What you have seen so far is less than .001% of the data I have," boasts the threat actor. "I have 1,000 releases coming never seen before."

TechCrunch has contacted the other organizations the threat actor mentioned and has yet to receive any further response.

The MOVEit breach-that involved hackers exploiting a zero-day vulnerability in Progress Software's file-transfer software-was 2023's largest hack ever.

These attacks, which have been claimed by the notorious Clop ransomware and extortion gang, affected more than 1,000 organizations, including the Oregon Department of Transportation (3.5 million records stolen), the Colorado Department of Health Care Policy and Financing (four million) and U.S. government services contracting giant Maximus (11 million).