Capital One Hacker Was Discovered Because of Bragging. https://t.co/pDJtmCT2Jb
— uɐpʇou@ ✸ (@notdan) July 30, 2019
S3, Amazon Web Services’ popular data storage software, stored the Capital One data that was stolen.
— Jennifer Jacobs (@JenniferJJacobs) July 30, 2019
Amazon says the data wasn’t accessed through a breach or vulnerability in AWS systems.
Prosecutors say access to the stolen bank data came through a misconfigured firewall. https://t.co/pt9F8vkcqc
what kind of wordsmith fuckery is this??? pic.twitter.com/dtZYfi43d1
— drew olanoff (@yoda) July 29, 2019
Managed to get video of the raid in Seattle that led to the arrest of Paige Thompson, 33yo software engineer accused of hacking databases and stealing info on 100 million credit card applications for #CapitalOne in a major breach. Housemates share details @ Noon @KIRO7Seattle pic.twitter.com/NXsjfAOInn
— Ranji Sinha (@RanjiKIRO7) July 30, 2019
“There appears to be some leaked s3 data of yours in someone’s github/gist.”
— Bloomberg (@business) July 30, 2019
A tipster’s email helped uncover a hack at Capital One that impacted 100 million people. Here’s the latest ➡️ https://t.co/AFuz3iSly2 pic.twitter.com/107LnszuQT
Wow. Capital One discloses massive data breach: 100M in US, 6M in Canada. One person in FBI custody. Credit files, applications, the lot. Hard to see this as anything other than Equifax 2.0. https://t.co/3nHG96nyle pic.twitter.com/3GQwp6qOH0
— Zack Whittaker (@zackwhittaker) July 29, 2019
I’m sick of waking up to headlines revealing that millions of Americans had their information stolen because a billion-dollar company failed Cybersecurity 101. Corporations will only take Americans’ privacy seriously when CEOs are held personally accountable.
— Ron Wyden (@RonWyden) July 30, 2019
This flies in the face of ~everything we know about incident response and building resilient, secure systems. https://t.co/67JxBd1UE2
— Aditya Mukerjee, the Otterrific (@chimeracoder) July 30, 2019
Capital One set up an email address for tips to alert the company to potential vulnerabilities.
— Bloomberg (@business) July 30, 2019
That hotline helped it uncover the massive data breach https://t.co/tAuyEmHRdW
Nice write up. Yes, this appears to be her resume. Worked at Amazon 2015-2016 https://t.co/WvvL5pi3Ed
— briankrebs (@briankrebs) July 30, 2019
FBI says a Seattle woman hacked into a cloud server and stole "likely tens of millions" of credit applications for Capital One https://t.co/OVQ0ngJfXr
— briankrebs (@briankrebs) July 29, 2019
wow almost 15 years of data compromised. Absolutely absurd. Meanwhile banks have been withholding/making consumer data access difficult for startups on the grounds of safety... https://t.co/59Ybl4td5u
— Ian Kar (@iankar_) July 29, 2019
KYC is dangerous.
— Matt Odell (@matt_odell) July 30, 2019
"Personal information taken included names, incomes, dates of birth, addresses, phone numbers, and email addresses. Social security numbers for 140,000 people were also obtained, and about 80,000 bank account numbers were accessed."
https://t.co/gYlXCle5Pv
“The hack appears to be one of the largest data breaches ever to hit a financial services firm.” https://t.co/nsC7UHVp0R
— Katrina Orron (@plasticdreams94) July 30, 2019
According to the breach announcement, the incident was reported via a vulnerability disclosure program on July 17th, patched on July 19th, and immediately investigated for evidence of exploitation.
— Jessy Irwin ✨ (@jessysaurusrex) July 30, 2019
The alleged attacker was arrested within days: https://t.co/P9ISB38a5p
Remember Techdirt's rule of breaches: they always turn out to be worse and more encompassing than first reported. https://t.co/F08BmTXt7x
— Mike Masnick (@mmasnick) July 30, 2019
Capital One set up an email address for tips from "white hat" hackers. On July 17, the company got a hit. https://t.co/AFuz3j9WWC
— Bloomberg (@business) July 30, 2019
At this point, I’m getting like two breach notices a day. Who DOESN’T have my info? https://t.co/D3Z3eAGxTh
— kat calvin (@KatCalvinLA) July 29, 2019
I would question why they had 100m+ historic PII records unencrypted apparently in an S3 bucket and didn't notice for 4 months somebody on a random VPN IP sync'd everything externally. And only noticed 'cos somebody else emailed them.
— Kevin Beaumont (@GossiTheDog) July 30, 2019
It's pretty jedi press work *waves hand*
As much as I like the idea of CEOs being personally held accountable — fines, jail time etc. — I fear it doesn't work at an institutional level. You can scream "security!" from the top down but unless it's woven into the fabric of a company, it's not going to change much. https://t.co/zFERuHCGby
— Zack Whittaker (@zackwhittaker) July 30, 2019
I wrote a short post about it here (and yes, it's most likely more fintech companies it appears - I guess they haven't noticed yet either) https://t.co/vdgsTsc1RC
— Kevin Beaumont (@GossiTheDog) July 30, 2019
One week *to the day* after Equifax announced its settlement terms. It’s clear corporations won’t clean up their acts on their own. We need to create an enforceable federal data privacy standard, so I’m drafting that bill. https://t.co/ik80hyY2z0
— Rep. Katie Porter (@RepKatiePorter) July 29, 2019
FYI: Capital One was hacked: 106 million US + Canadian credit card applicants affected, personal info on forms stolen from cloud storage including names, addresses, DoBs, etc, including 140,000 Social Security numbers, 80,000 bank account numbers
— The Register (@TheRegister) July 29, 2019
More: https://t.co/on1mhXWWhs
ONE PERSON DID ALL OF THAT?! https://t.co/HCcJxwiZwE
— Saeed Jones (@theferocity) July 30, 2019
The arrested suspect behind the hack, Paige Thompson, is a former employee of Amazon Web Services, according to people familiar with the matter. She is accused of breaching a misconfigured Capital One firewall to access data stored in AWS. via @nicole_hong https://t.co/jMx2pCB9yH
— Dustin Volz (@dnvolz) July 30, 2019
Ok, this explains it: "While federal agents were sweeping the three-bedroom house where Thompson lives they discovered 20 firearms — both assault-style rifles and handguns — as well as firearm accessories, including bumpstocks, scopes, grips and ammunition"
— Kim Zetter (@KimZetter) July 30, 2019
The woman who allegedly breached Capital One, exposing the info of 100M+ people, previously worked at Amazon Web Services, which the bank runs on.
— Steve Kopack (@SteveKopack) July 30, 2019
AWS says it "was not compromised" but rather a now-patched Capital One web application led to the breach. https://t.co/nr7Xr8YZwZ
Before people spread this too widely, please take note:
— Dan Goodin (@dangoodin001) July 30, 2019
1) The datestamp on the video shows 7/23/2019, 5 days before the raid of Thompson's home. Was the clock simply wrong, or is this not the video it's purported to be?
1/2 https://t.co/1iBtYHzuXJ
I’m suspending my rule that I don’t touch politics with a 1K foot pole. I don’t know (or care) the Senator’s party affiliation.
— Tim MalcomVetter (@malcomvetter) July 30, 2019
This is just a stupid idea. Systems, vendors, and security are complex at scale. One oversight should not be a criminal offense for a CEO.
1/9 https://t.co/bjOTPMVRUP
Incredible. Capital One's data breach site is titled "Facts."
— Zack Whittaker (@zackwhittaker) July 30, 2019
And yet it also pulls this bullshit by saying that no Social Security numbers were breached... except for all the Social Security numbers that were breached.
Fuck you, Capital One. pic.twitter.com/PBod3z9QtC
Capital One's breach response is pretty wild and evolving. Aside from claiming in bold there was no PII and then immediately contradicting that in non-bold, it also now says data was encrypted in bold... then in non-bold mentions it wasn't encrypted.
— Kevin Beaumont (@GossiTheDog) July 30, 2019
The bad news: So much data was stolen from Capital One.
— Nicholas Thompson (@nxthompson) July 30, 2019
The good news: The hacker appears to have been hapless.
The maybe crazy news: The hacker used to work at AWS, which hosted the data.
The counter to that news: The misconfig was on Capital One's side. https://t.co/HpGKw4pAvd
Using a vpn is great for security, that's why I started @IPredatorVPN. But even using a great vpn like that doesn't make you anonymous when you admit what you've done, using your normal identity, on github. Police didn't even try to contact us about this. https://t.co/j3NOYo7XvF
— Peter Sunde Kolmisoppi (@brokep) July 30, 2019
it is 100% capital one's fault for fucking this up but this story is still bizarre https://t.co/KHQV8VLEkH
— ???? (@sourhoneykey) July 30, 2019
The Alleged #CapitalOne #Hacker Didn't Cover Her #Tracks #databreach #investigation #FBI #CyberSecurity https://t.co/EhA4Mhc14I
— Sophie Tacchi (@SophTac) July 30, 2019
Seattle engineer arrested for Capital One hack that affected 100M people – GeekWire https://t.co/65FwMHIXF9
— James Hirsen (@thejimjams) July 30, 2019
Capital One’s breach was inevitable, because we did nothing after Equifax https://t.co/AivsGlPv9L pic.twitter.com/YOlHOluuuy
— ⚠️ Damn Interesting (@DamnInteresting) July 30, 2019
ICYMI: There was another giant data breach similar to the Equifax hack https://t.co/anEJQ8keB3
— TechLinked (@TechLinkedYT) July 30, 2019
Capital One's breach was inevitable, because we did nothing after Equifax https://t.co/cbWCJPyN3M via @techcrunch
— Dan Primack (@danprimack) July 30, 2019
Here's my follow. After the Equifax breach, neither lawmakers nor credit companies heeded the warnings. Of course it was going to happen again. https://t.co/5XiVM0QKTF
— Zack Whittaker (@zackwhittaker) July 30, 2019
Capital One’s breach was inevitable, because we did nothing after Equifax – TechCrunch https://t.co/jiRrfRvzlj
— Kevin Jones (@kjwthree) July 30, 2019
Capital One’s breach was inevitable, because we did nothing after Equifax «The Equifax incident should have sparked a fire under the credit giants. The breach was the canary in the coal mine.» #CapitalOne #CapitalOneBreach https://t.co/H2KjKJrDjb
— Claudia Timmons (@ClodyaTim) July 30, 2019
Capital One’s breach was inevitable, because we did nothing after Equifax https://t.co/LAzCvnyAgF
— Frank Denis (@jedisct1) July 30, 2019
Capital One’s breach was inevitable, because we did nothing after Equifax https://t.co/QkzlLeQg2n
— Becky Yoose (@yo_bj) July 30, 2019
Really insightful read...Diligence across the full spectrum of data origination, data in motion and data at rest is required.
— Tala Security (@talasec) July 30, 2019
#csp #pci #dataprivacy @talasec https://t.co/LMi6rsTz35
"Capital One’s breach was inevitable, because we did nothing after Equifax" #databreach #datarights https://t.co/US5lZeBPbE
— Dhanaraj Thakur (@thakurdhanaraj) July 30, 2019
[Capital One]
— 大井哲也 弁護士 (@tetsuyaoi2tmi) July 30, 2019
Cyber security insurance covers $400 million
Even with these increased costs, Capital One states that they have cyber security insurance that will cover up to $400 million with a $10 million deductible.
https://t.co/gPe4gMJFtc
Capital One Data Breach Affects 106 Million People, Suspect Arrested https://t.co/pbnMxKTZr8
— The Cyber Security Hub (@TheCyberSecHub) July 30, 2019
Capital One Data Breach Affects 106 Million People, Suspect Arrested https://t.co/VF1kXhKk2w
— Nicolas Krassas (@Dinosn) July 30, 2019
Capital One Data Breach Affects 106 Million Customers; Hacker Arrested https://t.co/w2nPU9kkvL
— Pirate Security Conference (@PirateSecon) July 30, 2019
Over 100 million accounts compromised after Capital One data breach #CapitalOne #Breach #Security https://t.co/m81wvYxQs5 pic.twitter.com/DgR6TF0sv4
— Neowin (@NeowinFeed) July 30, 2019
106 Million Customers?!!! https://t.co/806uC974PW
— VeryRandyReality (@IsItUpOrDown) July 30, 2019
Capital One data breach affects 106 million people https://t.co/xSzStTXBkO
— editoy (@editoy) July 31, 2019
• Yesterday morning, in connection with the breach, the FBI arrested 33-year-old Paige Thompson (a.k.a. erratic), a former Amazon Web Services software engineer who worked as a Capital One contractor from 2015 to 2016, and
“We had an opportunity to stop these kinds of breaches from happening again, yet in the two years passed we’ve barely grappled with the basic concepts of internet security.” https://t.co/uAAwHuSKyU
— Adam Levin (@Adam_K_Levin) July 30, 2019
"these breaches will continue so long as the companies continue to collect our data and not take their data security responsibilities seriously" — @zackwhittaker for @TechCrunch https://t.co/72lJHhQHFQ
— Privacy Project (@PrivacyProject) July 30, 2019
Capital One's breach was inevitable, because we did nothing after Equifax https://t.co/CFSMMebi7A via @techcrunch
— Aryeh Goretsky (@goretsky) July 30, 2019
Capital One's breach was inevitable, because we did nothing after Equifax https://t.co/kvAsDyTFA7 via @techcrunch
— Mack Male (@mastermaq) July 30, 2019
Why you could see the #CapitalOneBreach coming a mile away. https://t.co/LvlbQnbsfJ #CapitalOne #DataPrivacy #Equifax #InfoSec #CyberSecurity #hackers #TMtmDailyBuzz
— Tim Mask™ (@timmask) July 30, 2019
A #databreach exposing personal banking information has affected millions of customers from #CapitalOne. Some of the information breached for several thousand included social security numbers and bank accounts. #cybersecurity #cyberfraud #CapitalOneBreach https://t.co/XLdb7rNmqR
— GroupSenseCyber (@GroupSenseCyber) July 30, 2019
“freeze your credit report if you were affected to make it more difficult for bad actors to fraudulently take out credit in your name” https://t.co/fd7yK2xNNj
— Kayne McGladrey once took a ghost tour in Seattle (@kaynemcgladrey) July 30, 2019
PSA: Are you an adult in the United States? Freeze your credit report. @capitalone #breach pic.twitter.com/VV9xRaDWOf
#CapitalOne had #databreach that #exposed more than 100 million #personal #information of American and Canadian #users.
— XUEZ Project (@XUEZcoin) July 30, 2019
It allowed #hackers to #steal all of the #customers #data, who signed up for #creditcard from 2005 to 2019. #CyberSecurity #theft https://t.co/oUY1pY5zLS
Capital One, the 5th largest U.S. credit card issuer, suffered a #databreach exposing personal info of more than 100 million credit card applicants in the U.S. & 6 million in Canada
— Mohit Kumar (@unix_root) July 30, 2019
Details ➤ https://t.co/ehmIrHLWk6
FBI arrested a former #AWS engineer in relation to the breach pic.twitter.com/d7A5SafiZ5
Over 100 million accounts compromised after Capital One data breach #kbn https://t.co/JxF1DvBocV
— Korben (@Korben) July 30, 2019