Capital One has revealed that it experienced a massive data breach affecting the personal data of 100million individual and small business applicants who applied to Capital One for credit cards and lines of credit. That data was stored in the cloud on Amazon, and Paige Thompson, an ex-Amazon cloud worker from Seattle, is the prime suspect.
(Don’t have a Capital One credit card or line of credit, and think you can breathe easy? Here’s a list of stores that Capital One provides store credit cards for: Bass Pro Shops, Bergdorf Goodman, Cabela’s, Costco*, Dress Barn, Furniture Row*, GM, Helzberg Diamonds, Justice, Kohl’s, Lord & Taylor, MyMaurices, Menards, Neiman Marcus, Polaris Star*, Saks, Teamsters, and Union Privilege. All store names taken directly from Capital One site other than those indicated with an *, which we found elsewhere so may or may not be current. They also just took over provisioning the Walmart card.)
So another breach, by another hacker, taking advantage of another vulnerability. What is different this time is that the authorities – notably the FBI – were able to track down and arrest the perpetrator in record time. Of course, this is because that perpetrator, Paige Thompson, who used the handle ‘Erratic’ on social media, bragged about her exploits on both Slack and Twitter.
The other thing that is different is that this is the first time in memory that it has been so publicly acknowledged – so blindingly clear – that our personal data is being stored in the cloud by big companies who hold our most intimate personal data and that the cloud is just another word for somebody else’s computer!
In fact, Paige Adele Thompson, the accused hacker, worked at Amazon as a software engineer, working on Amazon AWS (Amazon Web Services). Her LinkedIn profile is curiously 404ing (meaning it throws a 404 page not found error – or perhaps that should be a “Paige not found”error), but even the small blurb on Google pretty much says it all.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Thompson had deep understanding of how cloud storage on Amazon works. And Capital One, like so many other big data-holding companies chooses to store their data – including their sensitive data which is really our personal data – on third-party cloud storage providers, one of the biggest being Amazon.
It was only a matter of time before a massive data breach was going to happen with cloud-stored data. And that time was now.
On July 18th Thompson tweeted from her Twitter account, replying to Ryan Stalets, who tweeted information having to do with AWS. Stalets had tweeted about looking for cloud credentials, using AWS as an example, saying:
Look for cloud creds (below for AWS).
$ ls ~/.aws
$ curl
Then if there’s a role attached
$ curl
$ env
Thompson replied “Oh if you only knew friend, if you only knew”, almost certainly an allusion to how she had hacked the Capital One data that was stored in Amazon’s cloud services.
In a press statement about the breach put out yesterday, that Capital One pithily titled Capital One Announces Data Security Incident, Capital One says that they “determined” that there was a data breach on July 19th.
“Capital One immediately fixed the configuration vulnerability that this individual exploited and promptly began working with federal law enforcement. The FBI has arrested the person responsible and that person is in custody. Based on our analysis to date, we believe it is unlikely that the information was used for fraud or disseminated by this individual. However, we will continue to investigate.”
The statement further explains that “Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada,” adding that “No bank account numbers or Social Security numbers were compromised, other than:
About 140,000 Social Security numbers of our credit card customers
About 80,000 linked bank account numbers of our secured credit card customers”
Capital One will be offering free credit monitoring to those affected.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
