Before you read, a thought of mine: This woman tweeted and commented on GitHub, boasting about her actions. Now of course, it's possible this is exactly how it all happened. But I am starting to think it's also possible she was a patsy or something. Something is fishy that this engineer was stupid enough to go boasting about her actions on such common websites...
A massive breach of Capital One customer data has hit more than 100 million people in the U.S. and 6 million in Canada.
Thanks to a cloud misconfiguration, a hacker was able to access credit applications, Social Security numbers and bank account numbers in one of the biggest data breaches to ever hit a financial services company — putting it in the same league in terms of size as the Equifax incident of 2017.
The FBI has already arrested a suspect in the case: A former engineer at Amazon Web Services (AWS), Paige Thompson, after she boasted about the data theft on GitHub.
According to a criminal complaint filed in the Western District of Washington’s U.S. Attorney’s Office, the intrusion occurred between March 19 and July 17 via a “misconfigured web application firewall.”
The illegally accessed data, which was stored on cloud servers rented from AWS, was primarily related to credit-card applications made between 2005 and early 2019, by both consumers and businesses. These include a raft of personal information, such as names, addresses and dates of birth; and financial information, including self-reported income and credit scores.
According to Capital One, no credit-card account numbers or log-in credentials were compromised and only about 140,000 Social Security numbers are impacted, meaning that “over 99 percent of Social Security numbers” were untouched, the company said. In Canada, about 1 million social insurance numbers were compromised.
More @ https://threatpost.com/aws-arrest-data-breach-capital-one/146758/