
Some thoughts on Capital One data breach - danTheFounder
Capital One was hacked by a software engineer. 
Once again, S3 bucket got hacked because of one misconfiguration. And it contains millions of people&#x27;s personal information and credit history. Some thoughts on what happened to Capital one (3rd Credit Card issuer in the world)
- If one misconfiguration can lead to massive data breach (including encrypted data), and it happens again and again, this cloud provider probably needs to improve its security design.
- Security is hard and it&#x27;s even harder in the cloud. But can you ask more often &quot;What Could Go Wrong&quot; if your job is to defend millions of people&#x27;s credit card information.<p>(FBI report: https:&#x2F;&#x2F;www.justice.gov&#x2F;usao-wdwa&#x2F;press-release&#x2F;file&#x2F;1188626&#x2F;download)
======
danTheFounder
Here are the pages of the report that make me upset: \- Page 6, paragraph 10 :
"A firewall misconfiguration permitted commands to reach and be executed by
that server, which enabled access to folders or buckets of data in Capital
One's storage space at the Cloud Computing Company" \- Page 8, paragraph 14:
"According to Capital One, the data copied from Capital One's data folders or
buckets includes primarily data related to credit card applications. Although
some of the information in those applications (such as SSN) has been tokenized
or encrypted, other information including applicants' names, addresses, dates
of birth and information regarding their credit history has not been
tokenized. According to Capital One, the data includes data regarding large
numbers of applications, likely tens of millions of applications. According to
Capital One that dta includes approximately 120,000 SSN and approximately
77,000 bank account numbers.

