Friday, July 8, 2022

Capital One Bank Hack

 

Think more than twice if you want to do something illegal and then... give up. =) Otherwise? Well... read the articles below.

Lessons learnt: A misconfigured cloud asset can cause a big multi-million-dollar problem.

https://www.theregister.com/2022/06/20/captial_one_wire_fraud/
https://www.securityweek.com/jury-convicts-seattle-woman-massive-capital-one-hack

For more about the Capital One breach, read the following news:
https://www.securityweek.com/qa-what-know-about-capital-one-data-breach

"The conviction follows the infamous 2019 hack of Capital One in which personal information of more than 100 million US and Canadian credit card applicants were swiped from the financial giant's misconfigured cloud-based storage."

"Paige Thompson (aka 'erratic') was arrested in July 2019 after data was leaked between March and July of that year. The data was submitted by credit card hopefuls between 2005 and early 2019, and Thompson was able to get into Capital One's AWS storage thanks to a 'misconfigured web application firewall.'"

"The complaint added: 'Capital One determined that the April 21 file contained code for three commands, as well as a list of more than 700 folders or buckets of data.'"

"'Ms Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,' thundered US Attorney Nick Brown. 'Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.'
'She wanted data, she wanted money, and she wanted to brag,' Assistant United States Attorney Andrew Friedman said in closing arguments."
