Configuration Issue In Servers Led To Capital One Data Breach

Paige Thompson’s ability to hack into Amazon’s metadata service is what allowed for the theft of 106 million Capital One financial records.

Thompson’s hacking techniques were only determined because of posts that she had made on online forums. Amazon’s metadata services hold key pieces of information needed to manage servers in the cloud. Essentially, having these key pieces of information will give you access to the servers’ most valuable data.

Initially, Thompson conducted a scan of the internet. The scan was aimed at finding computers that could give access to a company’s internal networks. The scan revealed a computer that bridged access between the public internet and the company’s secured network.

Once Thompson had the credentials, it became easy to download sensitive information. A configuration problem is what made accessing the secured network possible without triggering the alarm system. Amazon says that it has monitoring tools aimed at preventing the exploitation of these misconfigurations.

The hacking of Capital One’s servers occurred on March 12 and went unnoticed for 127 days. Security professionals have warned that the vulnerability of the metadata service could lead to the breach of sensitive information. These warnings can be traced to at least 2014. A previously known configuration issue made it easy for a hacker to scan and find the vulnerability needed to reach sensitive information.

