Capital One

From Enlace Hacktivista
Revision as of 11:35, 26 December 2021 by Amongomous

Hack of Capital One by erratic.

CNN Business: A hacker gained access to 100 million Capital One credit card applications and accounts: https://edition.cnn.com/2021/06/30/tech/capital-one-hacker-new-charges/index.html

Explanation of the Hack

The hacker exploited an SSRF vulnerability in ModSecurity to grab AWS instance credentials from the EC2 metadata service and used them to access an S3 bucket containing credit applications.

Even though the hacker used a combination of iPredator VPN and Tor to stay anonymous at the IP layer, she confessed to her activities in a Slack group of a local tech meetup group and uploaded exfiltration scripts to a GitHub account connected to her real identity. A member of the Slack group reported her to the FBI.

No data from Capital One was ever leaked anywhere, but she is also alleged to have used the same exploit to deploy crypto miners.
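From the defender's side, instance credentials taken from the EC2 metadata service and then used over a VPN or Tor show up as instance-role API calls coming from an address that is not the instance. The following is an added example, not part of the original page: it assumes CloudTrail-style records and an inventory of each instance's expected source addresses, and the inventory, sample events and function names are all constructed for illustration.

```python
import ipaddress

# Constructed inventory (assumption): instance ID -> IPs its API calls may come from.
INSTANCE_EGRESS = {"i-0aaa1111bbbb2222c": ["10.0.4.17", "198.51.100.20"]}

# Constructed identities; for an EC2 instance role the session name is the instance ID.
ROLE = {"type": "AssumedRole", "principalId": "AROAEXAMPLEID:i-0aaa1111bbbb2222c"}
USER = {"type": "IAMUser", "principalId": "AIDAEXAMPLEID"}

# Constructed CloudTrail-style records, trimmed to the fields used below.
SAMPLE_EVENTS = [
    {"eventName": "ListBuckets", "sourceIPAddress": "10.0.4.17", "userIdentity": ROLE},
    {"eventName": "ListBuckets", "sourceIPAddress": "203.0.113.77", "userIdentity": ROLE},
    {"eventName": "GetObject", "sourceIPAddress": "203.0.113.77", "userIdentity": ROLE},
    {"eventName": "GetObject", "sourceIPAddress": "203.0.113.5", "userIdentity": USER},
    {"eventName": "Decrypt", "sourceIPAddress": "ec2.amazonaws.com", "userIdentity": ROLE},
]


def instance_id_from_identity(identity):
    """Return the instance ID if the caller is an instance-role session, else None."""
    if identity.get("type") != "AssumedRole":
        return None
    session_name = identity.get("principalId", "").partition(":")[2]
    return session_name if session_name.startswith("i-") else None


def find_off_instance_use(events, inventory):
    """Flag instance-role calls whose source IP is not one the instance is known to use."""
    findings = []
    for event in events:
        instance_id = instance_id_from_identity(event.get("userIdentity", {}))
        if instance_id is None:
            continue  # not an instance-role session
        try:
            source = ipaddress.ip_address(event.get("sourceIPAddress", ""))
        except ValueError:
            continue  # calls made by AWS services carry a hostname, not an IP
        # An instance missing from the inventory has no allowed IPs, so it is flagged.
        allowed = {ipaddress.ip_address(a) for a in inventory.get(instance_id, [])}
        if source not in allowed:
            findings.append((instance_id, str(source), event["eventName"]))
    return findings


if __name__ == "__main__":
    for finding in find_off_instance_use(SAMPLE_EVENTS, INSTANCE_EGRESS):
        print("instance credentials used off-instance:", finding)
```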

https://www.courtlistener.com/docket/15983291/united-states-v-thompson/