March 29, 2024

More or less, everybody should be knowing the data breach incident of the Capital One which revealed about some leaked data through an email to Capital One on 17th July this year. The leaked data was comprised of personal information of around 106 million people of Canada and the US who were mostly consumers or small and medium business who went through the procedures of credit card application while providing personal information such as names, addresses, personal phone numbers, their payment history and credit scores as well as self-described income. In fact, the process of this hacking started months back in March when Paige Thompson, the former employee of Amazon services and the accused perpetrator of Capital One hacking, initiated scanning the internet to find vulnerabilities across various companies and organizations by literally knocking as many backdoors and backdoor password as possible.

Eventually, she could successfully explore open door through the metadata service of the Amazon Web Service which allowed her to enter the Capital One systems. As she was inside, she found other flows and ultimately exploited the misconfigured networks and was able to get cloud-based sensitive credentials which further helped her to access and download the customers’ records. However, this data breach incident might not have compromised any credit card details, but it has certainly resulted in a greater risk of providing important information to the hackers to create another fraud.

This attack is somewhat like the forgery of server-side request where a specific server can be under the trick of connecting to a restricted place. The contemporary cyber attackers are more interested in this type of proliferation of cloud services. Therefore, the lack of sufficient understanding of cloud-based storage of business data and information further leads to various potential vulnerabilities ultimately opening doors for the cybercriminals to easily make use of the opportunities.

Interestingly, these types of data breach incidents are increasingly taking place and becoming more and more common. As per the report of IT Governance, around 9.7 billion records have been leaked by the hackers from the beginning of 2019 and still on the continuation. In this context, nobody can confidently confirm that his or her confidential and sensitive data and information would never be compromised by the hackers. In other words, the important and sensitive data and information of any individual in any time can be subject to a data breach if special care especially locking the backdoor is not performed at the earliest.