Capital One

From Enlace Hacktivista

Hack of Capital One by erratic.

CNN Business: A hacker gained access to 100 million Capital One credit card applications and accounts

Explanation of the Hack

The hacker exploited an SSRF vulnerability in ModSecurity to grab AWS instance credentials from the EC2 metadata service and used them to access an S3 bucket containing credit applications.
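A detection sketch for the credential use described above, added here as an example and not taken from the incident or from Capital One's tooling: it scans CloudTrail records for EC2 instance-role credentials being used from addresses outside the networks the instances normally call AWS from. The network ranges, role name, account ID and log records are constructed assumptions.

```python
import ipaddress
import re

# Assumption: networks this organization's instances call AWS from
# (VPC CIDR, NAT gateway addresses). Constructed values.
EXPECTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/16", "203.0.113.0/28")]

# Instance-profile sessions use the EC2 instance ID as the role session name.
INSTANCE_SESSION = re.compile(r":assumed-role/([^/]+)/(i-[0-9a-f]{8,17})$")

def off_instance_use(records):
    """Flag instance-role credentials used from outside EXPECTED_NETS."""
    findings = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        match = INSTANCE_SESSION.search(ident.get("arn", ""))
        if ident.get("type") != "AssumedRole" or not match:
            continue  # not a session issued through the metadata service
        try:
            src = ipaddress.ip_address(rec.get("sourceIPAddress", ""))
        except ValueError:
            continue  # AWS services calling on the role's behalf log a DNS name
        if not any(src in net for net in EXPECTED_NETS):
            findings.append((rec["eventTime"], match.group(1), match.group(2),
                             str(src), rec["eventSource"], rec["eventName"]))
    return findings

def _rec(time, id_type, arn, ip, name):
    # Builds a constructed CloudTrail record with only the fields used above.
    return {"eventTime": time, "eventSource": "s3.amazonaws.com", "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"type": id_type, "arn": arn}}

ROLE = "arn:aws:sts::111122223333:assumed-role/example-app-role/i-0123456789abcdef0"
SAMPLE_RECORDS = [  # constructed sample data, not from the incident
    _rec("2024-01-01T10:00:00Z", "AssumedRole", ROLE, "10.0.1.25", "GetObject"),
    _rec("2024-01-01T10:05:00Z", "AssumedRole", ROLE, "198.51.100.77", "ListBuckets"),
    _rec("2024-01-01T10:06:00Z", "AssumedRole", ROLE, "198.51.100.77", "GetObject"),
    _rec("2024-01-01T10:07:00Z", "AssumedRole", ROLE, "autoscaling.amazonaws.com", "GetObject"),
    _rec("2024-01-01T10:08:00Z", "IAMUser", "arn:aws:iam::111122223333:user/alice",
         "198.51.100.10", "GetObject"),
    _rec("2024-01-01T10:09:00Z", "AssumedRole",
         "arn:aws:sts::111122223333:assumed-role/admin/alice-session", "198.51.100.10", "PutObject"),
]

if __name__ == "__main__":
    for finding in off_instance_use(SAMPLE_RECORDS):
        print(finding)
```

Only the two calls from 198.51.100.77 are flagged; the in-VPC call, the AWS-service call, the IAM user and the non-instance role session are ignored.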

Even though the hacker used a combination of iPredator VPN and Tor to stay anonymous at the IP layer, she confessed to her activities in the Slack group of a local tech meetup and uploaded exfiltration scripts to a GitHub account connected to her real identity. A member of the Slack group reported her to the FBI.

No data from Capital One was ever leaked anywhere, but she is also alleged to have used the same exploit to deploy crypto miners.

https://www.courtlistener.com/docket/15983291/united-states-v-thompson/