Hacker News new | past | comments | ask | show | jobs | submit login

Right, but it wouldn’t have happened if they hadn’t had such lax security, and I would argue that capital one are liable here for failing to adequately safeguard consumer data. If you properly secure your stack, you don’t get hacked.

If they had fallen victim to some undisclosed zero-day, I’d feel bad for them - but in this case it appears to be misconfigured VPC SGs. Their error. Inadequate processes.

We are also all labouring under the assumption that she was the only person to make off with this data.

I’m willing to bet that she’s just the first one daft enough to talk about it.




"If you properly secure your stack, you don’t get hacked." Thats absolutely not true. You do reduce the chances of being hacked and you might reduce time it takes for you to discover the breach and you will be able to contain it quicker.


You vastly reduce the chances. It’s the difference between bothering to close the bank vault’s door when you go home at night or not.


> Right, but it wouldn’t have happened if they hadn’t had such lax security, and I would argue that capital one are liable here for failing to adequately safeguard consumer data. If you properly secure your stack, you don’t get hacked.

If the system was designed by humans, it can be hacked.


Especially if the bad guy used to work for your vendor.




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: