A Technical Analysis of the Capital One Hack

Originally published at: https://sweetops.com/sub/a-technical-analysis-of-the-capital-one-hack/

The disclosure of yet another cloud security misconfiguration leading to the loss of sensitive personal information came with a bit more information from the indictment of the accused party, allowing us to piece together the revealed data and take an educated guess as to what may have transpired leading up to the loss of over 100 million credit card applications and 100 thousand social security numbers. At the root of the hack lies a common refrain: the misconfiguration of cloud infrastructure resources allowed an unauthorized user to elevate her privileges and compromise sensitive documents.