The Technical Side of the Capital One AWS Security Breach

August 3, 2019

Table of Contents

On July 19th, 2019 Capital One got the red flag that every modern company hopes to avoid – their data had been breached. Over 106 million people affected.

140,000 Social Security numbers. 80,000 bank account numbers. 1,000,000 Social Insurance Numbers.

Pretty messy right? Unfortunately, the 19th wasn’t when the breach occurred.

It turns out that Paige Thompson, aka Erratic, had done the deed between March 22nd and March 23rd 2019.

So almost 4 months earlier. In fact, it took an external tip for Capital One to realize something had happened.

So almost 4 months earlier. Though the former Amazon employee has been arrested and is facing $250k in fines and 5 years in prison…it’s left a lot of residual negativity. Why?

Because of many of the companies who’ve suffered data breaches try to brush off the responsibility of hardening their infrastructures and applications to the increased cyber crime.

Source: jcolemorrison.com

Key Conjurer: Our Policy of Least Privilege

Hi, my name is Reza Nikoopour and I’m a security engineer on the Security team at Riot. My team is responsible for securing Riot infrastructure wherever we’re deployed – whether that means internal or external data centers or clouds. We provide cloud security guidance to the rest of Riot, and we’re responsible for Key Conjurer, our open source AWS API programmatic access solution.

AWS Security Hub Now Generally Available

I’m a developer, or at least that’s what I tell myself while coming to terms with being a manager. I’m definitely not an infosec expert. I’ve been paged more than once in my career because something I wrote or configured caused a security concern.

The Technical Side of the Capital One AWS Security Breach

Tags :

Share :

Related Posts

Key Conjurer: Our Policy of Least Privilege

AWS Security Hub Now Generally Available

Simplify DNS management in a multi-account environment with Route 53 Resolver