Capital One Data Breach - Over 100 Million Users Affected

in security •  5 years ago 

I was trying to share the news on the Capital One data breach through Share2Steem and it was not successfully posted here on Steem. This is the 2nd time it failed and I guess @share2steem is officially down? I headed over to their profile page and there isn't an official announcement of them being shut down. However, they have not been posting for the past 2 weeks and that is kind of weird as they used to be quite active.

In any case, here is what I intended to share:


My original Tweet:

Yet another data breach. This time over 100 million Capital One users' personal data is exposed. The breach happened in March, but the company only announced it now. The responsible individual is reportedly arrested though

Link to news article


#hack #breach #share2steem

Here is the link to my Tweet:
https://twitter.com/CryptoCulgin/status/1155995800456978442


Some key numbers

Capital One said the incident affected approximately 100 million people in the United States and six million in Canada.

That data included approximately 140,000 Social Security numbers and approximately 80,000 bank account numbers on U.S. consumers, and roughly 1 million Social Insurance Numbers (SINs) for Canadian credit card customers.

Official statement can be found here.


Paige A. Thompson

Paige A. Thompson was arrested and charged over this hacking incident. She is an ex-employee of Amazon and, interestingly, the breached data was stored on Amazon. Although Amazon denied that the breach was due to poor security on Amazon services, this incident came at the wrong time, as the US Department of Defense is considering awarding Amazon a contract worth $10b.

Paige A. Thompson allegedly used web application firewall credentials to escalate privileges. From there she managed to pivot and get hold of the data, which she subsequently transferred to GitHub.


Key learning point

While the incident is still being investigated, so far it appears that Amazon is not to be blamed for the incident. Though some might consider Paige A. Thompson an insider threat, the fact remains that she left Amazon 3 years ago, while the breach happened between 12th March and 17th July this year. The key learning point here is to recognize that the onus is still on the cloud customer to secure their credentials on the cloud.

There is a concept called the "Shared Responsibility Model", and all cloud customers need to understand it so that they are clear about their security responsibilities in the cloud.


In this model, cloud customers are always responsible for the data stored in the cloud. That is why we, as security practitioners, always encourage companies to encrypt sensitive data that is stored in the cloud. In the case of Capital One, their clients' social security numbers and credit card information are certainly sensitive data that should be encrypted in storage. However, it seems that, in this case, they were not.


The "Raise to 50" Initiative

Under 50 SP and finding it hard to do much on this platform? I might just be able to raise your SP to 50. Check this post to find out more!


This article is created on the Steem blockchain. Check this series of posts to learn more about writing on an immutable and censorship-resistant content platform:


This sounds/looks like a serious case. Over 100 million in US and 6 million in Canada affected. Hmm...🤔

Yes it is quite serious. Will go down in history as one of the largest data breaches.

Posted using Partiko Android

wow...

Just this week, I tried posting using @share2steem and it is not working.
Hope we can read some notice from their team.🤔

Posted using Partiko iOS

I think the service is down. They likely found it not profitable anymore to maintain the service and just quietly left

Posted using Partiko Android

☹️

Posted using Partiko iOS

Thank you so much for participating in the Partiko Delegation Plan Round 1! We really appreciate your support! As part of the delegation benefits, we just gave you a 3.00% upvote! Together, let’s change the world!

Hi @culgin!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 3.982 which ranks you at #4056 across all Steem accounts.
Your rank has improved 89 places in the last three days (old rank 4145).

In our last Algorithmic Curation Round, consisting of 243 contributions, your post is ranked at #234.

Evaluation of your UA score:
  • You're on the right track, try to gather more followers.
  • You have already convinced some users to vote for your post, keep trying!
  • Try to work on user engagement: the more people that interact with you via the comments, the higher your UA score!

Feel free to join our @steem-ua Discord server