Capital One Breached: Who’s in Your Wallet?

August 13, 2019

Brittney serves as Product Marketing Manager at Terbium Labs and loves research, technology, and Idris Elba, though not necessarily in that order. Some say on quiet nights, if you hold your laptop up to your ear, you can hear her typing blog posts to “Reynes of Castamere.”

Introduction

Capital One was hacked on March 22 or 23, 2019, and no one at the company knew about it until an anonymous security researcher tipped them off four months later, even though the stolen information, and details about it, had been posted openly on public platforms like GitHub and Twitter. The company’s stock was down more than 5% the day after the story of the breach broke.

What Happened

A reported 106 million people across the United States and Canada have had their credit card application details stolen. These details include addresses, reported income, email addresses, phone numbers, and dates of birth. Additionally, 140,000 Social Security numbers, 80,000 bank accounts, and fragments of transaction data were compromised.


(Image: CyberInt/supplied)

The hacker left a trail across social media, posting her methodology on Twitter and then dumping the data on her GitHub profile. Seemingly, she wanted to be caught, or she’s a terrible criminal. Either way, the FBI was able to track her down via her LinkedIn profile, which was linked from her GitLab profile. She also registered on GitHub with her real first, middle, and last name, Paige A. Thompson.

Capital One, unfortunately, ended up in yet another classic breach scenario: learning about the breach several months after it occurred, and only because a third party notified them.


(Image: CyberInt/supplied)

Paige A. Thompson, going by the alias ‘erratic’, was arrested and charged with computer fraud and abuse on Monday, July 29th. She faces a five-year prison sentence and a fine of up to $250,000 if convicted.

How Did This Happen? A Serial Hacker? An Insider Attack?

As if 106 million personal records weren’t enough, the press is now reporting that other companies may have been breached and had information exfiltrated by Paige. Her previous work at Amazon, and the fact that the stolen data originated from Amazon Web Servers, have led some to speculate that Paige may have used her experience there to exploit vulnerabilities known to her over the years. If she did, expect disclosures from some of the world’s most well-known companies. From Avis to Zynga, any number of companies could have been compromised, making Paige a potential serial hacker: breaching company after company, stealing data, and dumping it on GitHub and Slack.


(Image: CyberInt/supplied)

Slack comments found by Brian Krebs of KrebsOnSecurity, the security news site, indicate that she may have exfiltrated tens of gigabytes of data. CyberInt has also reported that Vodafone, Ford, Michigan State University, Apperian, Infoblox, Wakoopa, and the Ohio Department of Transportation could have been victims of a breach by Paige.

What This Means For You

For the Infosec community, Amazon has stated that “AWS was not compromised in any way and functioned as designed,” noting that the reason for the breach was a misconfiguration of firewall settings on a web application, which was managed by Capital One. In other words, “It’s Capital One’s nightmare and we weren’t even in the room.”

Fortunately, there are ways to mitigate the damages and reduce costs after a mega-breach. One of them is employing a solution like Matchlight, which can shorten the time to discovery and possibly reduce the negative impact to shareholder value.

Don’t wait to be breached. Terbium Labs’ Matchlight can help you retain shareholder value, identify risks, and keep third parties from emailing you after midnight to say your company was breached four months ago.

To learn more about Terbium Labs’ Matchlight and how it can help you proactively address data compromise and mitigate business risk to your company, contact us or visit our resources page to explore more about our approach to data monitoring.
