Dark Reading is part of the Informa Tech Division of Informa PLC

Capital One Breach Affects 100M US Citizens, 6M Canadians
User Rank: Apprentice
8/6/2019 | 12:57:25 PM
Re: Cost
Aptly put, but I would say instead
"Who's in your wallet?"
User Rank: Ninja
8/1/2019 | 7:58:53 AM
Re: Sophisticated?
Man, I agree with you; they saw a firewall rule on the ACL list that pointed to a TOR site. I mean, how obvious can it be? In addition, she was an ex-programmer who was directly involved with the project. All you have to do is whittle it down: who worked on the project, who left, who was disgruntled, and who had full access to the private/secret keys? There you go - Paige Thompson.

GeekWire stated this:
100 million people in the U.S. and 6 million people in Canada were affected in total.

I do understand Canada was affected, but we are talking apples to oranges here; when we look at the sheer number, this is astounding.

This is what Capital One said:
Capital One said it is "unlikely that the information was used for fraud or disseminated by this individual." No credit card account numbers or log-in credentials were compromised.

To your point, this is "hogwash", lol. The marketing team is working their hardest to try and clean this up, but seriously, whoever has this data, and this data was on a TOR site, they are looking for "black market" purchasers to buy this data. It may not be now, but it is a matter of time; she is just the fall person.

By the way, this is what she said (Dummy):

Soper did a great job in reporting - CapitalOne Reporting

But to your point, people talk too much, she was over her head.

User Rank: Ninja
7/31/2019 | 9:20:54 AM
Re: Cost
In a nutshell: What's in your wallet? (Nothing after I get through with it)
User Rank: Ninja
7/30/2019 | 2:18:42 PM
So ..... the discovery was ....
A GitHub user. Not in Cap One, not in their staff - nope, somebody totally outside the firm noticed data and was kind enough to make a phone call. Gee, isn't that special, as THE CHURCH LADY used to say. Of course the thief also bragged about it on social media - also stupid. But plenty of that at Cap One apparently. NOBODY NOTICED?????
