U.S. Markets closed

Capital One hacker exploits a common Amazon cloud vulnerability to access 106 million accounts

Mike Dudas

The hacker who stole more than 106 million records from Capital One this past week was able to do so because of “a specific configuration vulnerability,” according to the company, long known for having a strong security team.

A Wall Street Journal analysis of records left behind by the alleged hacker, Paige A. Thompson, a former Amazon cloud-computing employee, imply that Thompson exploited a security hole that professionals have been aware of for years.

Thompson hit the core of Amazon’s cloud technology, accessing the company’s metadata service. This enabled her to access data and credentials responsible for managing a vast number of critical cloud servers.

Join Genesis now and continue reading, Capital One hacker exploits a common Amazon cloud vulnerability to access 106 million accounts!