Homepage This page's url is: -crn- Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs HPE Discover 2019 News Cisco Partner Summit 2019 News Cisco Wi-Fi 6 Newsroom Dell Technologies Newsroom Hitachi Vantara Newsroom HP Reinvent Newsroom IBM Newsroom Ingram Micro ONE 2019 News The IoT Integrator Juniper NXTWORK 2019 News Lenovo Newsroom Lexmark Newsroom NetApp Data Fabric NetApp Insight 2019 News Cisco Live Newsroom HPE Zone Intel Tech Provider Zone

10 Things To Know About The Ex-AWS Worker Who Allegedly Hacked Capital One

Here's a deeper look at how Paige A. Thompson, 33, is alleged to have stolen the personal data of 106 million Capital One credit card applicants and users and how she ultimately ended up being arrested by authorities.

Back 1 ... 5   6   7   8   9   ... 11 Next

5. Thompson Allegedly Seized Upon A Firewall Misconfiguration To Go After Capital One

The complaint indicates that a firewall misconfiguration enabled Thompson to access folders or buckets of data in Capital One's AWS storage space. The GitHub file referenced in the vulnerability disclosure email was time-stamped April 21, 2019, and contained code for three commands as well as a list of more than 700 folders or buckets of data.

Taken together, the complaint said the commands made it possible for an adversary to obtain Capital One's credentials, list or enumerate folders or buckets of data, and extract data from certain folders or buckets. AWS itself wasn't compromised in any way, sources said, with Thompson allegedly gaining access due to a misconfiguration of the web application rather than the underlying cloud-based infrastructure.

The 700-plus folders and buckets listed in Thompson's April 21 GitHub file matched the actual names of folders or buckets of data used by Capital One for data stored at AWS, according to the complaint. The time stamp in Capital One's logs also matches the time stamp in the April 21 file, the complaint said.

Back 1 ... 5   6   7   8   9   ... 11 Next

sponsored resources