Capital One was hacked by a former female AWS engineer. 100M customers may be affected
This is what would happen if you hire tons of new grads to work with critical data and services... https://www.google.com/amp/s/www.geekwire.com/2019/seattle-engineer-arrested-capital-one-hack-affected-100m-people/amp/
Based on the criminal complaint, it looks like she was able to assume a role that she shouldn't have had access to, and that role allowed her to list and download the buckets. She was caught because she posted her script on GitHub and bragged about this there. https://www.justice.gov/usao-wdwa/pr/seattle-tech-worker-arrested-data-theft-involving-large-financial-services-company
Maybe it WAS a dude. Double diverse.
That's a man, baby... https://www.dailymail.co.uk/news/article-7299511/Ex-Seattle-tech-worker-arrested-Capital-One-hack-U-S-Justice-Dept.html
What I don’t get is why all this sensitive data was stored in plaintext.
It's possible it was encrypted and the user role she assumed had permissions to use the KMS to decrypt. But probably wasn't encrypted.
It is the new tech trend; soon to be standard. You better check your system whether you are following the latest technology. If you encrypted, you are like an old fart.
Only 5 yrs in prison for something affecting 100 M people?
It sounds like the data possibly wasn't actually used or released. So if the actual damage to people was low, I could see the sentence. Of course it will have a large effect on C1, but kinda their fault.
If, inside your second story window, you were storing valuable data that 100 million people had trusted you to protect, you're still at fault for being negligent with their data. Of course the woman that committed the breach is at fault, but so is Capital One.
“What’s in your wallet?” Apparently a Seattle software engineer.
So diverse. Diversity performs better. Various studies.
This is relevant how?
I’d still work at Capital One lol
Lol