Last week we read in the news how the fifth-largest credit card issuer, Capital One was the victim of a cyberattack. A former Amazon cloud-computing employee or now, as they say, a hacker named Paige Thompson decided to get into the system and compromised data of 106 million users. The company was known for having a security team that is strong and smart.
An analysis by a journal showed that Thompson was able to exploit the security system by finding a loophole in the planning. The professionals at Capital One were aware of this hole for years. Thompson decided to hit Amazon’s cloud service technology core to get access to the company’s metadata service.
This access to the core helped her reach the part where the data and credentials responsible for storing the critical cloud servers was present. She then tested several computers and networks for security loopholes and finally she was able to get in the Capital One computers which she said were misconfigured.
According to the journal, she was posting direct messages on public message boards saying how so many people are doing it wrong with their security services. This breach has to lead many professionals and media to criticize the way Amazon is practicing things and how the company does not alert its customers about the misconfigured data.
This breach isn’t the first one in the history of computing, but this level of breaching has caught the attention of Federal Reserve and how they are concerned about the concept of cloud computing and cloud storage of financial data.