
Capital One Announces Data Security Incident - caruana
http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043
======
JDEW
> We believe that a highly sophisticated individual was able to exploit a
> specific configuration vulnerability in our infrastructure. When this was
> discovered, we immediately addressed the configuration vulnerability and
> verified there are no other instances in our environment.

In other words, someone didn't put a password on their S3 database exposed to
the internet...

~~~
dharmab
From reading news sites they were compromised by an Amazon employee,
exploiting a bad WAF role.

~~~
julsimon
An ex-AWS employee, who left 3 years before the facts took place.

------
wilde
> No bank account numbers or Social Security numbers were compromised, other
> than: About 140,000 Social Security numbers of our credit card customers
> About 80,000 linked bank account numbers of our secured credit card
> customers

This kind of double speak should double their fine.

