BREAKING: Capital One is facing a federal class action over a massive data breach

[soodhilodaaram]

why would anyone boast about their crime, looks like she is not the hacker

[shaw183]

Just now, soodhilodaaram said:

I feel like she is made the scapegoat

homeless dani techi story alluthunlu emo kodukulu

already amazon adi company vadilesi 3 yrs ayindi antunlu

[LazyRohit]

15 minutes ago, Spartan said:

Amazon Employee, AWS lo System Admin..

Capital One Credentials kottesi, valla network Firewall breach chesindi..

no SSN's compromised, but Full Name, DOB Address etc poinai..

all data was related to CC applications, dabbul em raavu venakki...

ante only new applications anega uncle?

 for the info

sad that I will not get any money

[dasara_bullodu]

Super buying opportunity konni konna

[CNR]

37 minutes ago, Spartan said:

Amazon Employee, AWS lo System Admin..

Capital One Credentials kottesi, valla network Firewall breach chesindi..

no SSN's compromised, but Full Name, DOB Address etc poinai..

all data was related to CC applications, dabbul em raavu venakki...

Waf account role  use chese she got access to S3 bucket and sync to external site.. Naa question how did she able to access the server or she didn’t logged into server but using aws clli  executed waf commands ? 

detail ga evaru chepatledu .. where did she executed waf commands , how was she able to get into place where executed commands. I’m curious to know .

credentials ela kotestadi .. that is wrong statement . Ala aite amazon vadi pungi bajaistaru

[Spartan]

1 minute ago, CNR said:

Waf account role  use chese she got access to S3 bucket and sync to external site.. Naa question how did she able to access the server or she didn’t logged into server but using cli able to get into cli  and executed waf commands ? 

detail ga evaru chepatledu .. where did she executed waf commands , how was she able to get into place where executed commands. I’m curious to know .

credentials ela kotestadi .. that is wrong statement . Ala aite amazon vadi pungi bajaistaru

One command executed in the firewall hack allowed the intruder to gain credentials for an administrator account known as "*****WAF-Role." This in turn enabled access to bank data stored under contract by a cloud computing company that went unnamed in court documents, but was identified as Amazon Web Services by the NYT and Bloomberg. Other commands allowed the attacker to enumerate Capital One folders stored on AWS and to copy their contents. IP addresses and other evidence ultimately indicated that Thompson was the person who exploited the vulnerability and posted the data to Github, Martini said.

Thompson allegedly used Tor and a VPN from IPredator in an attempt to cover her tracks. At the same time, Martini said that much of the evidence tying her to the intrusion came directly from things she posted to social media or put in direct messages. A June 26 Slack posting and another post the next day to an unnamed service, for instance, both referred to the WAF-Role account.

[Spartan]

6 minutes ago, CNR said:

Waf account role  use chese she got access to S3 bucket and sync to external site.. Naa question how did she able to access the server or she didn’t logged into server but using aws clli  executed waf commands ? 

detail ga evaru chepatledu .. where did she executed waf commands , how was she able to get into place where executed commands. I’m curious to know .

credentials ela kotestadi .. that is wrong statement . Ala aite amazon vadi pungi bajaistaru

FBI Special Agent Joel Martini wrote in a criminal complaint filed on Monday that a GitHub account, belonging to Thompson, contained evidence that earlier this year someone exploited a firewall vulnerability in Capital One’s network that allowed an attacker to execute a series of commands on the bank’s servers.

[shaw183]

1 minute ago, Spartan said:

FBI Special Agent Joel Martini wrote in a criminal complaint filed on Monday that a GitHub account, belonging to Thompson, contained evidence that earlier this year someone exploited a firewall vulnerability in Capital One’s network that allowed an attacker to execute a series of commands on the bank’s servers.

so that's exactly my point..capital one network/TLS protocols update ayi lev...technically there is nothing called hack its an insider-job.

[Spartan]

2 minutes ago, shaw183 said:

so that's exactly my point..capital one network/TLS protocols update ayi lev...technically there is nothing called hack its an insider-job.

hacking is an art..vellanta exploitation chestunnaru...

exploitation =! hacking ani media ki telvad kada....

[CNR]

7 minutes ago, Spartan said:

FBI Special Agent Joel Martini wrote in a criminal complaint filed on Monday that a GitHub account, belonging to Thompson, contained evidence that earlier this year someone exploited a firewall vulnerability in Capital One’s network that allowed an attacker to execute a series of commands on the bank’s servers.

I understood the part using waf role got access to s3 bucket . In order to execute the command she should execute from server or aws cli. Assuming server ki acess vachi execute cheste , then that is capital one bank negligence about firewall mosconfiguration. Vulnerability or misconfiguration ani doubt ?? Capital one bank motam programmers hava

[tacobell fan]

Just now, Spartan said:

hacking is an art..vellanta exploitation chestunnaru...

exploitation =! hacking ani media ki telvad kada....

ee lekkana FBI should hire hackers to their team? Github details FBI review cheyyali ante they need to understand whereabouts kada 

[Spartan]

1 minute ago, tacobell fan said:

ee lekkana FBI should hire hackers to their team? Github details FBI review cheyyali ante they need to understand whereabouts kada 

Ethical Hackers concept telusa...

prati company lo group untadi which prevents the thrawts from the outside world hackers..valle vellu kuda.

Thompson online activity track cheste..GithUb link vetakadam pedda kashtam kaadu ..

[Spartan]

2 minutes ago, CNR said:

I understood the part using waf role got access to s3 bucket . In order to execute the command she should execute from server or aws cli. Assuming server ki acess vachi execute cheste , then that is capital one bank negligence about firewall mosconfiguration. Vulnerability or misconfiguration ani doubt ?? Capital one bank motam programmers hava

yes, ade undi kada...

she got access to Captial Ones network vulnerability..adi use chesi she exploited and used the role to get the files from S3.

[Chinna84]

Amazon stock 10gutundhaa ippudu ??

[dasara_bullodu]

11 minutes ago, shaw183 said:

so that's exactly my point..capital one network/TLS protocols update ayi lev...technically there is nothing called hack its an insider-job.

I guess they know internal details of their security protocols and also admin passwords don't change over time. Being ex-employee if they get access to Cone network it should be easy to breach