Top Ten: Things Learned About the Capital One Breach

This week saw a new data breach being reported, as credit card and financial services provider Capital One suffered the loss over 100 million credit card details and social security numbers. Infosecurity took a look at the top 10 findings so far:

1. The data breach affected around 100 million people in the US, and six million in Canada. Also, 1% (140,000) of the social security numbers held by the company were affected, as were 80,000 linked bank account numbers
2. The bank blamed a “configuration vulnerability” and it is known that the attacker exploited a weakness in the configuration of perimeter security controls to gain access to sensitive files housed in cloud storage
3. The customer data was exfiltrated from an AWS S3 data storage service to a Github site
4. AWS was reported to have cited that the breach was due to a “vulnerable configuration” that was not related to their S3 service
5. It was also believed that a vulnerable misconfigured web application firewall (WAF) could have been to blame
6. The intrusion occurred on March 22 and 23 of this year
7. Capital One benefited from a tip-off via its own responsible disclosure program on July 17
8. The attacker was named as Paige Thompson, a former Capital One employee who also worked for AWS
9. The attacker was caught so quickly because of her bravado on public chats
10. The attacker was able to obtain certain types of personal information relating to people who had applied for credit card products. It is also believed that it is unlikely that the information was used for fraud or disseminated

UPDATE

With regards to point three, a GitHub spokesperson sent Infosecurity this statement:

“GitHub promptly investigates content, once it's reported to us, and removes anything that violates our Terms of Service.

"The file posted on GitHub in this incident did not contain any Social Security numbers, bank account information, or any other reportedly stolen personal information.

"We received a request from Capital One to remove content containing information about the methods used to steal the data, which we took down promptly after receiving their request.”