Login to comment
S3, Amazon Web Services’ popular data storage software, stored the Capitol One data that was stolen.— Jennifer Jacobs (@JenniferJJacobs) July 30, 2019
Amazon says the data wasn’t accessed through a breach or vulnerability in AWS systems.
Prosecutors say access to the stolen bank data came through a misconfigured firewall. https://t.co/pt9F8vkcqc
Managed to get video of the raid in Seattle that lead to the arrest of Paige Thompson, 33yo software engineer accused of hacking databases and stealing info on 100 million credit card applications for #CapitalOne in a major breach. Housemates share details @ Noon @KIRO7Seattle pic.twitter.com/NXsjfAOInn— Ranji Sinha (@RanjiKIRO7) July 30, 2019
I’m sick of waking up to headlines revealing that millions of Americans had their information stolen because a billion-dollar company failed Cybersecurity 101. Corporations will only take Americans’ privacy seriously when CEOs are held personally accountable.— Ron Wyden (@RonWyden) July 30, 2019
KYC is dangerous.— Matt Odell (@matt_odell) July 30, 2019
"Personal information taken included names, incomes, dates of birth, addresses, phone numbers, and email addresses. Social security numbers for 140,000 people were also obtained, and about 80,000 bank account numbers were accessed."
According to the breach announcement, the incident was reported via a vulnerability disclosure program on July 17th, patched on July 19th, and immediately investigated for evidence of exploitation.— Jessy Irwin ✨ (@jessysaurusrex) July 30, 2019
The alleged attacker was arrested within days: https://t.co/P9ISB38a5p
I would question why they had 100m+ historic PII records unencrypted apparently in an S3 bucket and didn't notice for 4 months somebody on a random VPN IP sync'd everything externally. And only noticed 'cos somebody else emailed them.— Kevin Beaumont (@GossiTheDog) July 30, 2019
It's pretty jedi press work *waves hand*
As much as I like the idea of CEOs being personally held accountable — fines, jail time etc. — I fear it doesn't work at an institutional level. You can scream "security!" from the top down but unless it's woven into the fabric of a company, it's not going to change much. https://t.co/zFERuHCGby— Zack Whittaker (@zackwhittaker) July 30, 2019
FYI: Capital One was hacked: 106 million US + Canadian credit card applicants affected, personal info on forms stolen from cloud storage including names, addresses, DoBs, etc, including 140,000 Social Security numbers, 80,000 bank account numbers— The Register (@TheRegister) July 29, 2019
The arrested suspect behind the hack, Paige Thompson, is a former employee of Amazon Web Services, according to people familiar with the matter. She is accused of breaching a misconfigured Capitol One firewall to access data stored in AWS. via @nicole_hong https://t.co/jMx2pCB9yH— Dustin Volz (@dnvolz) July 30, 2019
Ok, this explains it: "While federal agents were sweeping the three-bedroom house where Thompson lives they discovered 20 firearms — both assault-style rifles and handguns — as well as firearm accessories, including bumpstocks, scopes, grips and ammunition"— Kim Zetter (@KimZetter) July 30, 2019
The woman who allegedly breached Capital One, exposing the info of 100M+ people, previously worked at Amazon Web Services, which the bank runs on.— Steve Kopack (@SteveKopack) July 30, 2019
AWS says it "was not compromised" but rather a now-patched Capital One web application led to the breach.https://t.co/nr7Xr8YZwZ
I’m suspending my rule that I don’t touch politics with a 1K foot pole. I don’t know (or care) the Senator’s party affiliation.— Tim MalcomVetter (@malcomvetter) July 30, 2019
This is just a stupid idea. Systems, vendors, and security are complex at scale. One oversight should not be a criminal offense for a CEO.
Incredible. Capital One's data breach site is titled "Facts."— Zack Whittaker (@zackwhittaker) July 30, 2019
And yet it also pulls this bullshit by saying that no Social Security numbers were breached... except for all the Social Security numbers that were breached.
Fuck you, Capital One. pic.twitter.com/PBod3z9QtC
Capital One's breach response is pretty wild and evolving. Aside from claiming in bold there was no PII and then immediately contradicting that in non-bold, it also now says data was encrypted in bold... then in non-bold mentions it wasn't encrypted.— Kevin Beaumont (@GossiTheDog) July 30, 2019
The bad news: So much data was stolen from Capitol One.— Nicholas Thompson (@nxthompson) July 30, 2019
The good news: The hacker appears to have been hapless.
The maybe crazy news: The hacker used to work at AWS, which hosted the data.
The counter to that news: The misconfig was on Capitol One's side.https://t.co/HpGKw4pAvd
Using a vpn is great for security, that's why I started @IPredatorVPN. But even using a great vpn like that doesn't make you anonymous when you admit what you've done, using your normal identity, on github. Police didn't even try to contact us about this. https://t.co/j3NOYo7XvF— Peter Sunde Kolmisoppi (@brokep) July 30, 2019
Login to comment
A #databreach exposing personal banking information has affected millions of customers from #CapitalOne. Some of the information breached for several thousand included social security numbers and bank accounts. #cybersecurity #cyberfraud #CapitalOneBreach https://t.co/XLdb7rNmqR— GroupSenseCyber (@GroupSenseCyber) July 30, 2019
“freeze your credit report if you were affected to make it more difficult for bad actors to fraudulently take out credit in your name” https://t.co/fd7yK2xNNj— Kayne McGladrey once took a ghost tour in Seattle (@kaynemcgladrey) July 30, 2019
PSA: Are you an adult in the United States? Freeze your credit report.@capitalone #breach pic.twitter.com/VV9xRaDWOf
#CapitalOne had #databreach that #exposed more than 100 million #personal #information of American and Canadian #users.— XUEZ Project (@XUEZcoin) July 30, 2019
It allowed #hackers to #steal all of the #customers #data, who signed up for #creditcard from 2005 to 2019. #CyberSecurity #thefthttps://t.co/oUY1pY5zLS
Capital One, the 5th largest U.S. credit card issuer, suffered a #databreach exposing personal info of more than 100 million credit card applicants in the U.S. & 6 million in Canada— Mohit Kumar (@unix_root) July 30, 2019
Details ➤ https://t.co/ehmIrHLWk6
FBI arrested a former #AWS engineer in relation to the breach pic.twitter.com/d7A5SafiZ5
Login to comment