Capital One Announces Data Security Incident(press.capitalone.com)
press.capitalone.com
Capital One Announces Data Security Incident
http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043
6 コメント
S3 is not a database, but that's not the point. As explained by Capital One, the attacker gained access through a misconfigured web app. This could have happened on any platform (on-premise or cloud), and the underlying AWS services weren't compromised in any way.
They would probably argue S3 is a product targeted at sophisticated people, by virtue of knowing how S3 operates you are sophisticated.
> No bank account numbers or Social Security numbers were compromised, other than:
About 140,000 Social Security numbers of our credit card customers
About 80,000 linked bank account numbers of our secured credit card customers
This kind of double speak should double their fine.
This kind of double speak should double their fine.
In other words, someone didn't put a password on their S3 database exposed to the internet...