Showing results for tags 's3'.
Found 2 results
-
I've emailed Akamai, it appears to be some kind of managed multi CDN solution. Data contains IP address, request URL, browser agent, date and time. Screenshot, not exhaustive obviously.
-
Indictment PDF: https://www.dropbox.com/s/z7u5rxcdajuvw6t/19718675504.pdf?dl=0

A bunch of things stand out:

- Why did the WAF account apparently have access to the S3 storage buckets?
- Why wasn't the data of hundreds of millions of people's credit checks encrypted?
- Should that kind of data have been left for so long in cloud buckets?
- Why didn't they notice all these S3 buckets being sync'd to a random VPN IP address? It happened 4 months ago.
- Why didn't they notice the GitLab pages listing their config?
- Why didn't they notice until somebody random emailed them to tell them?

I don't know if more details will go public (they probably don't want it to get to trial for obvious reasons).

I guess the lessons learned from the outside looking in are:

- Monitoring. Ingest your cloud logs. Alert against them. Monitor sites like GitHub and GitLab for obviously sensitive information, e.g. usernames, bucket names etc.

And yes, this is the kind of incident that would (and still will) catch many orgs with their pants down, Capital One aren't alone. It looks like the same person behind this one hit other fintech orgs too, looking at their online files - I'm going to guess they haven't noticed yet either.