It’s perfectly possible to demonstrate that a security issue exists without stealing that volume of data. During a search of Thompson’s bedroom, the FBI seized a number of devices – which it is claimed contained files that referenced Capital One, Amazon, and her “erratic” alias.ĭownloading 100 million records doesn’t sound like the kind of behaviour you would expect to see if someone was trying to raise the alarm about a configuration problem. Perhaps coincidentally, Paige Thompson’s online résumé (which contains her full name, address, and phone number) says that she was an Amazon S3 systems engineer from May 2015 to September 2016.Īccording to the FBI, a deeper investigation uncovered private Twitter direct messages between Thompson and the individual who ultimately informed Capital One of the breach, as well as conversations in a Slack group.Īrmed with this and other information it didn’t take the FBI long to track down their suspect and arrest her yesterday at the house where she lives in Beacon Hill, south east Seattle. The Github account storing the stolen data was in the name of “paigeadelethompson.” Let me know if you want help tracking them down, ![]() There appears to be some leaked s3 data of yours in someone’s github / gist However, it seems that the investigation only began after a security researcher who was an acquaintance of the alleged hacker emailed the firm’s responsible disclosure program two days earlier, telling the company that sensitive data from its cloud-based Amazon Web Services’ S3 bucket was present on Github. In a statement posted on its website, Capital One blames a “configuration vulnerability” for the security breach which allowed the hacker to access the sensitive information.Ĭapital One determined on July 19 that an outside party had managed to access its systems without authorisation, and began working with federal law enforcement.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |