Capital One's breach response is pretty wild and evolving. Aside from claiming in bold there was no PII and then immediately contradicting that in non-bold, it also now says data was encrypted in bold... then in non-bold mentions it wasn't encrypted.
— Kevin Beaumont (@GossiTheDog) July 30, 2019
I’m sick of waking up to headlines revealing that millions of Americans had their information stolen because a billion-dollar company failed Cybersecurity 101. Corporations will only take Americans’ privacy seriously when CEOs are held personally accountable.
— Ron Wyden (@RonWyden) July 30, 2019
I’m suspending my rule that I don’t touch politics with a 1K foot pole. I don’t know (or care) the Senator’s party affiliation.
— Tim MalcomVetter (@malcomvetter) July 30, 2019
This is just a stupid idea. Systems, vendors, and security are complex at scale. One oversight should not be a criminal offense for a CEO.
1/9 https://t.co/bjOTPMVRUP
Ok, this explains it: "While federal agents were sweeping the three-bedroom house where Thompson lives they discovered 20 firearms — both assault-style rifles and handguns — as well as firearm accessories, including bumpstocks, scopes, grips and ammunition"
— Kim Zetter (@KimZetter) July 30, 2019
I wrote a short post about it here (and yes, it's most likely more fintech companies it appears - I guess they haven't noticed yet either) https://t.co/vdgsTsc1RC
— Kevin Beaumont (@GossiTheDog) July 30, 2019
“There appears to be some leaked s3 data of yours in someone’s github/gist.”
— Bloomberg (@business) July 30, 2019
A tipster’s email helped uncover a hack at Capital One that impacted 100 million people. Here’s the latest ➡️ https://t.co/AFuz3iSly2 pic.twitter.com/107LnszuQT
Capital One set up an email address for tips from "white hat" hackers. On July 17, the company got a hit. https://t.co/AFuz3j9WWC
— Bloomberg (@business) July 30, 2019
This flies in the face of ~everything we know about incident response and building resilient, secure systems. https://t.co/67JxBd1UE2
— Aditya Mukerjee, the Otterrific (@chimeracoder) July 30, 2019
The woman who allegedly breached Capital One, exposing the info of 100M+ people, previously worked at Amazon Web Services, which the bank runs on.
— Steve Kopack (@SteveKopack) July 30, 2019
AWS says it "was not compromised" but rather a now-patched Capital One web application led to the breach. https://t.co/nr7Xr8YZwZ
As much as I like the idea of CEOs being personally held accountable — fines, jail time etc. — I fear it doesn't work at an institutional level. You can scream "security!" from the top down but unless it's woven into the fabric of a company, it's not going to change much. https://t.co/zFERuHCGby
— Zack Whittaker (@zackwhittaker) July 30, 2019
Capital One set up an email address for tips to alert the company to potential vulnerabilities.
— Bloomberg (@business) July 30, 2019
That hotline helped it uncover the massive data breach https://t.co/tAuyEmHRdW
S3, Amazon Web Services’ popular data storage software, stored the Capital One data that was stolen.
— Jennifer Jacobs (@JenniferJJacobs) July 30, 2019
Amazon says the data wasn’t accessed through a breach or vulnerability in AWS systems.
Prosecutors say access to the stolen bank data came through a misconfigured firewall. https://t.co/pt9F8vkcqc
Managed to get video of the raid in Seattle that led to the arrest of Paige Thompson, 33yo software engineer accused of hacking databases and stealing info on 100 million credit card applications for #CapitalOne in a major breach. Housemates share details @ Noon @KIRO7Seattle pic.twitter.com/NXsjfAOInn
— Ranji Sinha (@RanjiKIRO7) July 30, 2019
I would question why they had 100m+ historic PII records unencrypted apparently in an S3 bucket and didn't notice for 4 months somebody on a random VPN IP sync'd everything externally. And only noticed 'cos somebody else emailed them.
— Kevin Beaumont (@GossiTheDog) July 30, 2019
It's pretty jedi press work *waves hand*
Before people spread this too widely, please take note:
— Dan Goodin (@dangoodin001) July 30, 2019
1) The datestamp on the video shows 7/23/2019, 5 days before the raid of Thompson's home. Was the clock simply wrong, or is this not the video it's purported to be?
1/2 https://t.co/1iBtYHzuXJ
KYC is dangerous.
— Matt Odell (@matt_odell) July 30, 2019
"Personal information taken included names, incomes, dates of birth, addresses, phone numbers, and email addresses. Social security numbers for 140,000 people were also obtained, and about 80,000 bank account numbers were accessed."
https://t.co/gYlXCle5Pv
Something that's getting drowned out in the coverage of the Capital One hack was that the data wasn't stored on Capital One's internal network.
— Nash Across the 8th Dimension (@Nash076) July 30, 2019
It was stored on Amazon Cloud Services. https://t.co/6bMMLtr9hj pic.twitter.com/zTNCHZWl1I
Woman caught… Paige A. Thompson - Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One https://t.co/7mR0rI7bO4 #CapitalOneBreach #hacking #cybersecurity #databreach @HackedAgainBook
— Scott Schober (@ScottBVS) July 30, 2019
The @CapitalOne hack is just the latest corporate breach that’s exposed millions of Americans’ personal data to criminals. It gives us 100 million MORE reasons to enact stronger cybersecurity and privacy standards. https://t.co/nAAhwjlL2j
— Senator Bob Menendez (@SenatorMenendez) July 30, 2019
Capital One Data Breach Compromises Data of Over 100 Million - Emily Flitter @FlitterOnFraud & Karen Weise @KYWeise #security #privacy https://t.co/dvOaea0G96 pic.twitter.com/0awZObbLDG
— Startpage.com (@StartPageSearch) July 30, 2019
A software engineer in Seattle hacked into a server holding customer data for Capital One and stole millions of credit card applications. According to the company, about 100 million people were affected. https://t.co/E3VS5CHTJ0
— NYT Business (@nytimesbusiness) July 30, 2019
One of biggest breaches in #FinancialServices ever: @CapitalOne #hackers stole >100 million customers' #data
— Martin.B.Moeller (@ImMBM) July 30, 2019
With #data among people's most valuable assets, this is stark reminder of importance of #CyberSecurity for #banks https://t.co/oq7kKgDd6n #Banking #Finserv #CyberAttack pic.twitter.com/GhEGuQZr7b
This proves once again how we must stand as one #fintech and #DeFi community to demand #blockchain (like Hydrogen's open-source #Raindrop protocols) are used to fight against #hacking. The public can see attacks in real-time. https://t.co/5v48TMcaPA
— Hydrogen (@HydrogenAPI) July 30, 2019
Congress must investigate this immediately. We're all tired of hearing about these data breaches that put millions at risk. Enough is enough already. We must have a hearing on this. https://t.co/bEmGLFe1gO
— Rep. Debbie Dingell (@RepDebDingell) July 30, 2019
#CapitalOne data breach affects 100 million individuals and small businesses. #BeCyberSmart #CyberAware https://t.co/UX3pWgqW0g
— NatlCyberSecAlliance (@StaySafeOnline) July 30, 2019
Controversial opinion: it wasn’t a good idea to make so many aspects of our lives hackable. https://t.co/ba4zwtfFAL
— LibrarianShipwreck (@libshipwreck) July 30, 2019
@GavinNewsom @AsmDems @LatinoCaucus @CaWomensCaucus @CAJewishCaucus #SB276
— Loops (@wswdaw) July 30, 2019
LAPD not the only ones https://t.co/9YaftbXp7Y
https://t.co/yNvLGgUofx. With all these breaches, I'm expecting free credit monitoring for life. #CapitalOneBreach #EquifaxDataBreach
— Nancy (@july30babe) July 30, 2019
Hackers may know what's in your wallet. https://t.co/eZPM3tA22F
— Ryan Calo (@rcalo) July 30, 2019
Guess their slogan should've been "who's in your wallet" not "what's in your wallet" https://t.co/1U9UVsEcx5
— Jared Parsons (@jaredpar) July 30, 2019
Over 100 million Americans and Canadians had their personal information exposed in the Capital One data breach https://t.co/bqtLwQZE2I If you think your data is at risk, you can protect yourself, but you need to act fast. Get started now with our guide: https://t.co/hWYA7zuQ46
— ProtonVPN (@ProtonVPN) July 30, 2019
A 33 year old woman who ran the “Seattle Warez Kiddies” meetup group, and boasted about distributing leaked Capital One data, was arrested for hacking: https://t.co/RH2qCBDlze
— Social Hax (@socialhax) July 30, 2019
NEW: @CapitalOne set up an email address for tips from "white hat" hackers
— David S. Joachim (@davidjoachim) July 30, 2019
On July 17, it got a hit:
“Hello there. There appears to be some leaked s3 data of yours in someone’s github/gist.” https://t.co/FNJLjpNB6o @CBerthelsenBBG @WilliamTurton @jennysurane pic.twitter.com/x0DHs0jQst
“There appears to be some leaked s3 data of yours in someone’s github/gist.” https://t.co/I7jMKvb1vQ via @business
— Juan Mojica (@Juan_M_Mojica) July 30, 2019
Well, she used to work for AWS. The way I read it she was not working for AWS at the time she stole the data. See https://t.co/wcWXACyLBy
— Frank Scavo (@fscavo) July 30, 2019
Paige Thompson bragged about the Capital One hack on Github and Slack https://t.co/CCgLuUaX6Z
— editoy (@editoy) July 31, 2019
• Using other commands, the attacker was able to enumerate the Capital One folders stored on AWS and copy their contents.
Feds: former #cloud worker hacks into Capital One and takes data for 106 million people https://t.co/icmwizrVP9
— Evan Kirstel (@evankirstel) July 30, 2019
Former @aws employee identified as the attacker in the @capitalone hack. This is something that everyone who uses AWS knows is a possibility but hopes never will happen. https://t.co/Cc0UZ1BqDm pic.twitter.com/iClhWKne9Y
— ecurrencyhodler (@ecurrencyhodler) July 30, 2019
One command executed in the firewall hack allowed the intruder to gain credentials for an administrator account known as *****WAF-Role. [TR: If true...Can I please come teach my class at my alma mater? I’ll give you a friends and family discount!] https://t.co/vNGTKtX6yL
— Teri Radichel #cybersecurity #training (@TeriRadichel) July 30, 2019
Years ago, one of my former bosses went to D.C. to warn a House Committee that the U.S. private sector was woefully and dangerously underprepared for cyber threats. The GOP “poo-poohed” him (and our firm). https://t.co/r4pHhoQhRH #CapitalOne #HouseRepublicans #CyberSecurity #USA
— Michael P. Williams (@PhillyComptonMW) July 30, 2019
One of biggest breaches in #FinancialServices ever: @CapitalOne #hackers stole >100 million customers' #data
— Rahul Ranjan (@contact2r) July 31, 2019
With #data among people's most valuable assets, this is stark reminder of importance of #CyberSecurity for #banks https://t.co/uzv7Z4STtA #Banking #Finserv #CyberAttack
“The F.B.I. agent who investigated the breach said in court papers that Ms. Thompson had gained access to the sensitive data through a “misconfiguration” of a firewall on a web application.” https://t.co/tWJh0po2Lb #Cybersecurity #DigitalResilience
— RedSeal (@RedSeal_co) July 30, 2019
Another day, another preventable breach. A firewall misconfiguration enabled the hacker to access folders or buckets of data in Capital One's AWS storage space. https://t.co/d34KdWqUpI #CapitalOneBreach
— Zscaler (@zscaler) July 30, 2019
Seattle woman is charged in massive data breach at Capital One. Feds say Paige Thompson obtained personal data of over 100 million people and then bragged about the hacking. https://t.co/G76j9OzhKx
— Jim Roberts (@nycjim) July 30, 2019
Capital One Says Hacker Stole Data of About 100 Million People - The New York Times https://t.co/eOvDpp5tlh
— earthangel (@FiFiEarthAngel) July 30, 2019
Dear hacker - while you’re busy taking the data from @CapitalOne do you think you could stop by and collect the thousands of wasteful pieces of junk mail I’ve received from them over the years? https://t.co/zsu1TA3iZk via @nytimes
— Elie Finegold (@ElieFinegold) July 30, 2019
Capital One Data Breach Compromises Data of Over 100 Million
— Kenn-Do ☮☸♌ #ResistHarder (@sedakennedy) July 30, 2019
A software engineer, facing federal charges in Seattle, was accused of gaining access to 140,000 Social Security numbers and 80,000 bank account numbers. https://t.co/LSNdnhk8mR
AG @JoshStein_ is extremely concerned about the Capital One data breach. Our office is asking questions to find out how many North Carolinians' data is at risk. https://t.co/mO1z2Lbio4
— NC Attorney General (@NCAGO) July 30, 2019
We need some @BlueOceanStrtgy to change the way we identify ourselves. SSN, birthdates and mother's maiden names - they should all be considered in the public domain by now. https://t.co/JDBRQFxPO4 | #identitytheft #capitalone #cybersecurity #digitalidentity #datatheft
— Darcy Kieran (@DarcyKieran) July 30, 2019
Capital One thinks it's "unlikely" the hacker sold account numbers/SSNs, but in 2019 people should presume their financial data is compromised.
— Justin Brookman (@JustinBrookman) July 30, 2019
You should freeze your credit. And the law should be updated to make credit freeze the default state. https://t.co/3h8b9PSsD4
The Capital One data breach reinforces the need to continuously test for vulnerabilities and risk across applications and infrastructure #cybersecurity #databreach https://t.co/WoPaToJDh0
— ZeroNorthSec (@ZeroNorthSec) July 30, 2019
Lesson for hackers in the Capital One data theft that included 140,000 social security numbers: If you’re trying to look stealthy online as you boast about your hack, don’t also post a photo of a veterinarian bill that has your full name on it. https://t.co/e6vKxL6uCS
— Emily Flitter (@FlitterOnFraud) July 30, 2019
Leave it to @CapitalOne to peddle their credit cards on the same day they announce a massive data breach... At least they’re not exploiting dogs to do it like @WellsFargo does. https://t.co/lWiWyskpGV pic.twitter.com/2jRjBvCNYI
— Wells Fargo Fraud (@WFB_Fraud) July 30, 2019
So this is my bank and this is about the 6th time this year I have been exposed in a data breach. I don't want credit monitoring, I want banks and credit agencies to pay us when they act carelessly with our data. @ewarren this seems like your wheelhouse. https://t.co/LVwRGcMUH1
— The Mercenary (@themercenary) July 30, 2019
Do you now wish you had left home without IT? Wonder if they got Sam Jackson's social too ...
— davd soul (@davdsoul) July 30, 2019
Capital One Says Hacker Stole Data of About 100 Million People https://t.co/zMAuE5d3VB
Capital One Says Hacker Stole Data of About 100 Million People.
— Innovative Native (@PernellThomas) July 30, 2019
Yikes
https://t.co/7trg2v48sq
Leaky Amazon S3 + firewall rule failure = Massive disclosures.... Add a chatty Twitter user plus Github evidence, and one has a Federal Indictment #cyber #cloud #security #evidence https://t.co/fJOpTWDP5E
— David Batz (@DavBatz) July 30, 2019
so this "hacker" found a badly configured s3 bucket owned by a giant multinational bank (!), and then checked the leaked data into her personal github?...
— 7️⃣ (@whiskeyseven) July 30, 2019
i'm having trouble adding up all the stupid here https://t.co/rhxhCbitDQ
Capital One set up an email address for tips from "white hat" hackers. On July 17, the company got a hit. https://t.co/5woVltHLDP via @business
— Joe Connolly (@JoeConnollybiz) July 30, 2019