---

@CreditInspired wrote:
And for the hacker to boast on social media about her impending misdeed. I guess this was her one-day in the sun while million of people whose information is exposed suffer. Just SMH in disgust.

---

She'll probably get hired at an eight-figure salary by Cap1 and all other CC companies to beef up their online security.

  

R.I.P Cards 

I went to the Capital One site, and they have a link to a page about the breach.  I just had to shake my head at the following statement in that page.  I guess they figure the statement "No bank account numbers or Social Security numbers were compromised, other than:" makes it better - unreal:

So I was logging into my Capital One account when I noticed a link at the top that said, "Click here for information on Capital One's cyber incident." 

Here's a snapshot of what happened: 

I especially like the part where they say "No bank account numbers or social security numbers were compromised, other than..." 

I think I've found the sacred map that may lead me to this garden everyone keeps talking about.



Officially collection free as of 3/19/19!!
STARTING SCORES: 377 (11/2013) & 580 (3/2018)

---

@mikesonthemend wrote:

---

@Anonymous wrote:

So yet another Amazon Web Services attack. In the complaint filing (PDF link) with the U.S. district court they call it the "Cloud Computing Company", but everyone knows who the company is at this point.

 

The way into AWS is so well known at this point. I mean, it's just so simple to avoid what happened in this case.

"If you can, use IP whitelisting to limit access to your web applications. AWS makes it very easy to limit specific ports and traffic only from specific IP addresses. This is all managed through a tool called “Security Groups.” They’re super easy to set up."

( Secure Cloud Computing: 7 Ways I’d Hack You On AWS )

 

The perpetrator even wrote on a Slack channel: "i'm like ipredator > tor > s3 on all this ****"

 

IPredator is a VPN. TOR is the The Onion Router network. IP whitelisting would have stopped any connection from a TOR exit node. 2-factor authentication with geofencing is pretty common too. I have to use it just to access one-way read-only factory floor machine data.

 

Oh well...it's just bank data, right?

---

And now they are the cloud provider for the Pentagon. Bezos used to only hate those he wrote checks to. Now he is screwing all of us.

---

It's not really AWS that's at fault, as it does provide the necessary controls.   It's that companies using it don't always set it up correctly, exactly as with anything else!

---

@Anonymous wrote:

Does that mean debt forgivness for those of us with active accounts with them? SMH. Bet some or most will only get free equifax or experian services and call it a day. 

---

Well, in general apart from punitive damages,  settlements are meant to be proportionate to actual damages.   My guess is that most people aren't going to be harmed in a way that justifies more than free monitoring.

The $125 from Equifax will be nice though

---

@gdale6 wrote:
And they all sit there and laugh. Equifax will pay 17% of one years profit for their epic breech, they are laughing as well, so will Cap-1 after the lawsuits, the people will get nearly zilch. Sick of it all.

---

Yes to this. Laws should be changed that automatically force companies to pay penalties to customers affected. On top of actual damages the customer incurs. We all know that will never happen though.

I love spending my morning changing username, passwords, secret questions, etc. really tests how much your anxiety can take before meltdown.