Exclusive: Amazon confirms there were no incidents after threat actor claims 53,000 accounts leaked
Amazon has confirmed that despite malicious actors’ claims that data had been scraped and account details stolen, there had been no cyber incidents on its systems.
In a post on a popular hacking forum, the threat actor “l33tfg” claimed to have taken data from Amazon.com, collecting 53,246 hacked accounts and data recovery.
“Hello breach forums, today I have data for amazon.com. It contains usernames, passwords, 1000 contact emails, full names, phone numbers, DNS information, IP addresses, etc. said the malicious actor.
In the listing, l33tfg posted a sample containing PHP code, which appears to contain names, email addresses, and other data.
As for the justification for the incident, l33tfg told a comical “supervillain origin story.”
“When I was 6, my parents ordered me a toy train for Christmas from Amazon, but it never arrived. I’ve been heartbroken and depressed ever since,” the menacing actor said.
“I had nothing to live for, so f— you Jeff Bezos, f— you and your egg-shaped bald head that looks like ass, treat your workers better, you stupid p— .”
It does not appear that the threat actor is looking to sell the data or any financial gain, having posted a link to what they claim is the full deal.
However, in speaking with Cyber Daily, Amazon confirmed that there were no cyber incidents and that most of the data did not come from Amazon or match customer information.
“Amazon has not experienced a security event and our systems remain secure,” Amazon said.
“The data referenced in the Breach Forums did not come from Amazon and did not even match Amazon customer credentials.
“For the very small percentage of accounts where this has been the case, we have taken steps to protect those customers.”