INTRODUCTION

Capital One was hacked on March 22 or 23, 2019, and no one at the company knew about it until an anonymous security researcher tipped them off four months later, even though the stolen information, and information about it, had been posted openly on platforms like GitHub and Twitter. The company's stock was down more than 5% the day after the story of the breach broke.

WHAT HAPPENED

A reported 106 million people in the United States and Canada have had their credit card application details stolen. These details include addresses, reported income, email addresses, phone numbers, and dates of birth. Additionally, 140,000 social security numbers, 80,000 bank account numbers, and fragments of transaction data were compromised.

(Image: CyberInt/supplied)

The hacker left a trail across social media, posting her methodology on Twitter and then dumping the data on her GitHub profile. Seemingly, she wanted to be caught, or she's a terrible criminal. Either way, the FBI was able to track her down via her LinkedIn profile, which was linked from her GitLab profile. She also registered on GitHub with her real first, middle, and last name: Paige A. Thompson.

Capital One, unfortunately, ended up in yet another classic breach scenario: learning about the breach several months after it occurred, and only because a third party notified them.

(Image: CyberInt/supplied)

Paige A. Thompson, going by the alias 'erratic', was arrested and charged with computer fraud and abuse on Monday, July 29th. She faces a five-year prison sentence and a fine of up to $250,000 if convicted.

HOW DID THIS HAPPEN? A SERIAL HACKER? AN INSIDER ATTACK?

As if 106 million personal records weren't enough, the press is now reporting that other companies may have been breached and had information exfiltrated by Paige. Her previous work at Amazon, and the fact that the stolen data originated from Amazon Web Services servers, have led some to speculate that Paige may have used her experience there to exploit vulnerabilities known to her over the years. If she did, expect disclosures from some of the world's most well-known companies. From Avis to Zynga, any number of companies could have been compromised, making Paige a potential serial hacker, breaching company after company, stealing data and dumping it on GitHub and Slack.

(Image: CyberInt/supplied)

Slack comments found by Brian Krebs of KrebsOnSecurity, the security news site, indicate that she may have exfiltrated tens of gigabytes of data. CyberInt has reported that Vodafone, Ford, Michigan State University, Apperian, Infoblox, Wakoopa, and the Ohio Department of Transportation could also have been victims of a breach by Paige.

WHAT THIS MEANS FOR YOU

For the infosec community, the key detail is Amazon's statement that "AWS was not compromised in any way and functioned as designed," noting that the cause of the breach was a misconfiguration of firewall settings on a web application that was managed by Capital One. In other words, "It's Capital One's nightmare and we weren't even in the room."

Fortunately, there are ways to mitigate the damages and reduce costs after a mega-breach. Employing a solution like Matchlight, which can shorten the time to discovery and possibly reduce the negative impact on shareholder value, is one of them.

Don't wait to be breached. Terbium Labs' Matchlight can help you retain shareholder value, identify risks, and keep third parties from emailing you after midnight to say your company was breached four months ago.

To learn more about Terbium Labs' Matchlight and how it can help you proactively address data compromise and mitigate business risk to your company, contact us or visit our resources page to learn more about our approach to data monitoring.