June 15, 2024

July 25, 2019 - Data Breach CapitalOne 106 million


A hacker gained access to more than 106 million Capital One customers' accounts and credit card applications earlier this year (100 million in the United States and 6 million in Canada).

Paige Thompson posted the information on GitHub, using her full first, middle and last name. She also boasted on social media that she had Capital One information.

- names, addresses, zip codes/postal codes, phone numbers, email addresses, dates of birth, and self-reported income
- 140,000 Social Security numbers of our credit card customers + 80,000 linked bank account numbers of our secured credit card customers.

Paige exploited a misconfigured web application firewall:

June 27, 2019 - Slack - paigeadele - <erratic>APP
Im just configuring everyone one at a time to route over ipredator instead of the gw to the internet
I’ve also got a leak proof IPredator router setup if anyone need its {gist}
Im like > ipredator > tor > s3 on all this shit

Comment: paigeadele describing her tools of choice to hide her initial probes and subsequent access to S3 buckets.

June 16, 2019 - Twitter - Erratic @0xA3A97B6C tweets techniques
And then I hack into their ec2 instances, assume-role their iam instance profiles, take over the [sic] account and corrupt SSM, deploying my backdoor, mirror their s3 buckets, and convert any snapshots i want to volumes and mirror the volumes i want via storage gateway

Then i launch an instance into their vpc with access to aurora, attach the correct security profile and dump your mysql to local 32tb storage, luks encrypted, perhaps using a customer gateway to vpc ipsec session over openvpn, over socks proxies depending on how lucky im feeling

Added to timeline:

Jan 7, 2020


July 25, 2019
~ 4 years and 10 months ago