Capital One Data Breach

Anonymous · ‎07-30-2019

@longtimelurker wrote:
@mikesonthemend wrote:
And now they are the cloud provider for the Pentagon. Bezos used to only hate those he wrote checks to. Now he is screwing all of us.
It's not really AWS that's at fault, as it does provide the necessary controls. It's that companies using it don't always set it up correctly, exactly as with anything else!

@mikesonthemend: The way I said 'yet another AWS attack' may have given the impression that it's Amazon's fault, but it really isn't. @longtimelurker is right.

There's been a lot of data breaches in the past couple of years that involve various company's misconfigured AWS instances. In the information security community (InfoSec), most people just roll their eyes when they see the inevitable 'AWS' mention.

But the blame really can't be placed on Amazon, just like Microsoft shouldn't be blamed if someone opens their Azure cloud data to the world.

(See here for some other different company data that may have been compromised in this same attack. AWS is the backbone for a lot of popular websites.)

iced · ‎07-31-2019

@Anonymous wrote:
How the heck is the charge for this so low? 5 years and $250K is a slap on the wrist! You pull something like this, it should be 20-life. It’s the only way they will ever discourage these breaches.

You can make it automatic death penalty and it won't discourage these breaches. For every idiot in Seattle who brags to their friends that they effectively stumbled on data, there's 10 break-ins from hosts in countries lacking extradition or even information exchange. Unless the Feds get lucky and pull a Dmitri Skylarov, there's generally bupkis they can do about it other than issue arrents warrants in case of the unlikely day the perp sets food on US soil.

iced · ‎07-31-2019

@DoogieBall wrote:
@CreditInspired wrote:
And for the hacker to boast on social media about her impending misdeed. I guess this was her one-day in the sun while million of people whose information is exposed suffer. Just SMH in disgust.
She'll probably get hired at an eight-figure salary by Cap1 and all other CC companies to beef up their online security.

I think you've greatly overestimated how much skill is required to pull off such a breach as this one. Many of the most damaging data breaches in history were performed by l33t h4x0rs whose immense skillset amounted to the abiliity to subscribe to mailing lists, download openly available programs, and/or commit fewer than 3 spelling errors per 100 words.

Anonymous · ‎07-31-2019

@iced wrote:
@DoogieBall wrote:
@CreditInspired wrote:
And for the hacker to boast on social media about her impending misdeed. I guess this was her one-day in the sun while million of people whose information is exposed suffer. Just SMH in disgust.
She'll probably get hired at an eight-figure salary by Cap1 and all other CC companies to beef up their online security.
I think you've greatly overestimated how much skill is required to pull off such a breach as this one. Many of the most damaging data breaches in history were performed by l33t h4x0rs whose immense skillset amounted to the abiliity to subscribe to mailing lists, download openly available programs, and/or commit fewer than 3 spelling errors per 100 words.

This. I do security and the tools are readily available, it's just a matter of who finds the right door to knock on.

Anonymous · ‎08-19-2019

I received the letter from Cap1, my data was compromised. I knew it was coming because I have a secured card. So unlike the others who were compromised the secured card users also had their bank account info as part of the breached data. Oh joy. I shut down that bank account.

Anyone signed up for the credit monitoring? It seems to be junk. Trueidenity is free service from Transunion that I am already signed up for. Mytrueidentity (also TU) is the exact same service with some identity theft insurance tossed in.

Re: Capital One Data Breach

Re: Capital One Data Breach

Re: Capital One Data Breach

Re: Capital One Data Breach

Re: Capital One Data Breach