The MOVEit breach chaos continues, data on hundreds of thousands has been leaked from Nokia and Morgan Stanley
- A hacker with the alias “Nam3L3ss” started leaking data from six companies
- Companies include Nokia, Bank of America and others
- The data came from the MOVEit breach that happened over a year ago
Hackers are still leaking sensitive information stolen via the MOVEit flaw more than a year after it was first exposed, experts warn.
A threat actor with the alias “Nam3L3ss” recently started leaking sensitive data from six major companies to BreachForums: , Morgan Stanley (32,861) and JLL (62,349), The registry reports.
The publication further added that security researchers have analyzed the data dump and confirmed its authenticity, adding that the leaked information includes people’s full names, phone numbers, email addresses, job addresses, employee badges, job titles and usernames.
MOVEit files keep leaking
This is the type of information that cybercriminals love most (aside from passwords and banking information, of course), because it allows them to conduct phishing, identity theft, and similar attacks that can lead to ransomware, banking fraud, and more.
“This data is a goldmine for social engineering,” said Zack Ganot, Chief Strategy Officer of Atlas Privacy. “Knowing exactly which employee is on which team, who they report to, what their badge number is, which building they work in, their email address and organization phone number – this is a crazy thing for an attacker looking to exploit an organization. “
MOVEit is a managed file transfer (MFT) tool used by large companies to securely share sensitive files. In late May 2023, it was discovered to have a flaw, which was successfully exploited by a Russian ransomware actor called Cl0p. This group used the flaw to exfiltrate sensitive data from hundreds of companies using MOVEit.
Victims included numerous high-profile organizations across industries, including U.S. government agencies (Department of Energy, Office of Personnel Management), educational institutions (Johns Hopkins University), private companies (Shell, British Airways, Ernst & Young), and many others. In total, more than 62 million people were directly affected, and the actual number is likely higher.
