Published on July 30th, 2019

100 million Capital One customers hacked by this girl



Although legislation in various parts of the world has become much tighter on the protection of confidential information, multiple companies remain highly vulnerable to data breach incidents, affecting millions of users, as reported by experts in ethical hacking.

This time it is the turn of the renowned bank Capital One; according to reports,
a hacker managed to access the records of more than 100 million accounts of the
bank’s customers and users of the company’s app, making this incident one of the
largest data breaches ever.

The bank has accused Paige Thompson, a former
IT engineer. According to the U.S. Department of Justice (DOJ), Thompson
accessed a bank server and compromised about 1 million Social Security numbers
from Canadian citizens and about 140k from U.S. residents, plus 80k bank account
numbers and an undetermined number of full names, addresses, credit histories,
and other confidential details of Capital One customers.

The incident affected more than 6 million
Capital One customers in Canada and 100k users in the U.S. However, the bank
assures that its customers’ login credentials and credit card numbers are
secure.

According to ethical hacking specialists close
to the case, the bank filed a complaint against Thompson arguing that the
defendant planned to share the information with other unidentified actors
online. Previously, the 33-year-old had worked as a software engineer at
Amazon Web Services, which provides cloud hosting services to the bank. Capital
One maintains that Thompson entered the server by exploiting a misconfigured
firewall deployment. Finally, U.S. authorities arrested Thompson last Monday;
so far the defense has made no comment.





According to the bank’s ethical hacking staff,
the attack occurred sometime between March 22 and 23 and the compromised
records date back to 2005. Capital One added that the vulnerability in its
systems has already been corrected and assured that the likelihood of the
information being used for malicious purposes is low, as the person responsible
was stopped before she could sell the stolen data. “We apologize for the
inconvenience this has caused, activity on our systems will be restored
shortly,” said Richard Fairbank, CEO of Capital One.

According to ethical hacking specialists from
the International Cyber Security Institute (IICS), the defendant allegedly
posted the stolen information on GitHub using her full name and, in addition,
claimed through her social media profiles to have access to millions of
company records.

In addition, Thompson used a channel from the
corporate chat service Slack to explain the method used to access the bank’s
servers. “The defendant claims to have put in place a special command to
extract the company files stored on Amazon Web Services,” the DOJ said.

The defendant made no attempt to conceal her
identity; according to the reports, she identified herself in Slack using the
nickname “erratic”, which was the same name that Thompson used on her
Twitter account and on other platforms, such as the Meetup chat service. After
the information was posted on GitHub, a user informed Capital One, which in
turn reported the incident to the FBI. The FBI then arrested Thompson, who has
allegedly acknowledged that she acted for malicious purposes.
