Amazon, Advance Auto Parts, and Acer Philippines Bleed Employee Data; Third-Party Vendors Are the Weak Link
Amazon, Advance Auto Parts, and Acer Philippines all confirmed employee data breaches. The leaked credentials were reportedly found or attempted to be sold on hacking forums. For Acer Philippines specifically, the compromised data involved employee attendance records held by a third-party vendor.
Users report that Amazon's leak is tied to the May 2023 MOVEit attacks. BrikoX noted Amazon confirmed the compromise followed a 'security event' at a third-party vendor. Multiple sources pointed to Advance Auto Parts acknowledging a breach after a threat actor tried to sell the stolen records. Lemmydev2 reported these vendor breaches multiple times, covering all three named entities.
The consensus shows multiple major corporations suffered data exfiltration through weak third-party vendors. The vulnerability isn't just internal; it appears external, pointing systemic failure in vendor security protocols across multiple industries.
Key Points
#1Amazon's data leak is potentially linked to a specific, dated cyber attack.
Lemmydev2 alleges the breach occurred during the May 2023 MOVEit attacks.
#2Advance Auto Parts confirmed data theft stemming from dark web activity.
BrikoX and another user reported the breach followed a threat actor attempting to sell the data on a hacking forum.
#3Acer Philippines suffered a targeted breach concerning attendance records.
BrikoX specified the stolen data belonged to an employee attendance system managed by an outside vendor.
#4The pattern of compromise repeatedly points to outsourced management systems.
The consensus across posts—from Amazon to Acer—identifies third-party vendors as the vector for the stolen employee data.
Source Discussions (5)
This report was synthesized from the following Lemmy discussions, ranked by community score.