Data Breach Omnibus Thread

Other discussions not related to the Permanent Portfolio

dualstow
Executive Member
Posts: 8470
Joined: Wed Oct 27, 2010 10:18 am
Location: next to emotional support peacock

Data Breach Omnibus Thread

Post by dualstow » Tue Jul 30, 2019 4:42 pm

‘Cos every forum needs one.

We have four Capital One cards in our household, used daily.
Darn.
BREAKING :: NordVPN was hacked. They put out a youtube video on it ::
Xan
Administrator
Posts: 2266
Joined: Tue Mar 13, 2012 1:51 pm

Re: Data Breach Omnibus Thread

Post by Xan » Tue Jul 30, 2019 5:25 pm

If it's any comfort, they caught the guy who did it.

dualstow
Executive Member
Posts: 8470
Joined: Wed Oct 27, 2010 10:18 am
Location: next to emotional support peacock

Re: Data Breach Omnibus Thread

Post by dualstow » Tue Jul 30, 2019 6:23 pm

It’s a she, right? Paige Adele Thompson. (looks male, though)
Not much consolation if people apply for credit in my name, but yeah, I’m glad she’s been caught.
Xan
Administrator
Posts: 2266
Joined: Tue Mar 13, 2012 1:51 pm

Re: Data Breach Omnibus Thread

Post by Xan » Tue Jul 30, 2019 7:23 pm

dualstow wrote:
Tue Jul 30, 2019 6:23 pm
It’s a she, right?
Depends how you define "is". Or "she". One or the other.
ochotona
Executive Member
Posts: 2757
Joined: Fri Jan 30, 2015 5:54 am

Re: Data Breach Omnibus Thread

Post by ochotona » Tue Jul 30, 2019 10:07 pm

Just plain ugly
sophie
Executive Member
Posts: 3125
Joined: Mon Apr 23, 2012 7:15 pm

Re: Data Breach Omnibus Thread

Post by sophie » Wed Jul 31, 2019 6:48 am

Who cares what she looks like???? Awesome that the power of social media enabled her to get caught quickly.

Freeze your credit, find a way to monitor your credit report & various account transactions, and move on. All of our Social Security numbers and various other bits of personal information might as well be published in the New York Times. You can be sure that for every leak you've heard about, there are a few dozen you didn't hear about.

I'm also fairly impressed with Capital One's handling of the situation. They put Equifax to shame.
jacksonM
Executive Member
Posts: 364
Joined: Wed Sep 26, 2018 1:59 pm

Re: Data Breach Omnibus Thread

Post by jacksonM » Wed Jul 31, 2019 7:36 am

According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.

We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.
dualstow
Executive Member
Posts: 8470
Joined: Wed Oct 27, 2010 10:18 am
Location: next to emotional support peacock

Re: Data Breach Omnibus Thread

Post by dualstow » Wed Jul 31, 2019 8:52 am

I love that the chair of Cap One is named Mr Fairbank. He was born for this.
Xan
Administrator
Posts: 2266
Joined: Tue Mar 13, 2012 1:51 pm

Re: Data Breach Omnibus Thread

Post by Xan » Wed Jul 31, 2019 9:09 am

sophie wrote:
Wed Jul 31, 2019 6:48 am
Who cares what she looks like???? Awesome that the power of social media enabled her to get caught quickly.
Well, at first I thought it was interesting that it was a woman. First time I've heard of a woman being the perp for a crime of this variety. Then came to discover.. it wasn't.
dualstow
Executive Member
Posts: 8470
Joined: Wed Oct 27, 2010 10:18 am
Location: next to emotional support peacock

Re: Data Breach Omnibus Thread

Post by dualstow » Wed Jul 31, 2019 10:04 am

Xan wrote:
Wed Jul 31, 2019 9:09 am
First time I've heard of a woman being the perp for a crime of this variety. Then came to discover.. it wasn't.
You're saying Thompson is transgender, then. That would explain the confusion.
ochotona
Executive Member
Posts: 2757
Joined: Fri Jan 30, 2015 5:54 am

Re: Data Breach Omnibus Thread

Post by ochotona » Wed Jul 31, 2019 10:14 am

jacksonM wrote:
Wed Jul 31, 2019 7:36 am
According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.

We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.
Jackson, wouldn't the same vulnerability exist even if it was an on-prem data center, and the disgruntled employee was an employee of Capital One, or one of its contractors? If you're going to mis-configure the firewall to let bad actors in, does it matter if it's on-prem or cloud? I know a little about AWS, based on what we see in the press, seems the problem was the Identity and Access Management Role this person was given... and per the AWS contract, assigning IAM Roles is 100% a customer responsibility.
jacksonM
Executive Member
Posts: 364
Joined: Wed Sep 26, 2018 1:59 pm

Re: Data Breach Omnibus Thread

Post by jacksonM » Wed Jul 31, 2019 10:48 am

ochotona wrote:
Wed Jul 31, 2019 10:14 am
jacksonM wrote:
Wed Jul 31, 2019 7:36 am
According to what I've read the data that was hacked was stored in Amazon's Cloud Storage and the hacker was a former Amazon employee. So it was another inside job which has been the case with every hack I was personally involved with in my IT career. They said it was a "poorly configured firewall". Maybe she was the one who poorly configured it.

We were looking into navigating our data into the "cloud" near the end of my career and I thought it was a very bad idea. It was like punting on data security and letting somebody else do it for you. This is exactly why I thought it was a bad idea.
Jackson, wouldn't the same vulnerability exist even if it was an on-prem data center, and the disgruntled employee was an employee of Capital One, or one of its contractors? If you're going to mis-configure the firewall to let bad actors in, does it matter if it's on-prem or cloud? I know a little about AWS, based on what we see in the press, seems the problem was the Identity and Access Management Role this person was given... and per the AWS contract, assigning IAM Roles is 100% a customer responsibility.
Yes, that's a good point. There were several data breaches at the company I worked for and at least two of them were inside jobs. In one case a database administrator simply copied data to a thumb drive and carried it out of the building (that one made the headlines). I think he just got out of jail. In the other case, someone removed all limits on ATM withdrawals resulting in about $20-40 million in losses. Cost a friend of mine who was the CIO his job. Don't know if they ever caught the person responsible.

This was one of the reasons they were considering moving to the cloud - the other being cost of hardware and all the upgrades that would have to be made to tighten security.

I guess I'm just a control freak because if it was my decision I'd rather not turn things over to a company I have no control over.

I believe I read the government is going to use Amazon cloud storage (I think it was even the Pentagon). In that case, Amazon may very well do a better job of it.