25 jul 2019 año - Data Breach CapitalOne 106 million

Descripción:

a hacker gained access to more than 106 million Capital One customers' accounts and credit card applications earlier this year (100 million in the United States and 6 million in Canada)

Paige Thompson posted the information on GitHub, using her full first, middle and last name. She also boasted on social media that she had Capital One information.

Leak:
- names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income
- 140,000 Social Security numbers of our credit card customers + 80,000 linked bank account numbers of our secured credit card customers.

Paige exploited a misconfigured web application firewall:

June 27, 2019 - Slack - paigeadele - <erratic>APP
Im just configuring everyone one at a time to route over ipredator instead of the gw to the internet
I’ve also got a leak proof IPredator router setup if anyone need its {gist}
Im like > ipredator > tor > s3 on all this shit

Comment: paigeadele describing her tools of choice to hide her initial probes and subsequent access to S3 buckets.

June 16, 2019 - Twitter- Erratic @0xA3A97B6C tweets techniques
And then I hack into their ec2 instances, assume-role their iam instance profiles, take over the [sic] account and corrupt SSM, deploying my backdoor, mirror their s3 buckets, and convert any snapshots i want to volumes and mirror the volumes i want via storage gateway

Then i launch an instance into their vpc with access to aurora, attach the correct security profile and dump your mysql to local 32tb storage, luks encrypted, perhaps using a customer gateway to vpc ipsec session over openvpn, over socks proxies depending on how lucky im feeling

Añadido al timeline:

fecha: