Guilty Verdict in 2019 Capital One Breach
Former Amazon software engineer Paige Thompson has been found guilty of wire fraud and computer intrusion in connection with the 2019 Capital One breach. The incident resulted in the theft of payment card application data belonging to 100 million individuals. Thompson scanned for misconfigured AWS accounts and stole data from at least 30 organizations.
The key quote is: “According to the US Attorney's office, Thompson used a tool to scan AWS accounts in search of misconfigurations.” If Capital One and the other 29 AWS users Thompson found with vulnerabilities had run that tool first, damage would have been avoided. Even better would be cloud service providers routinely scanning and notifying their customers of vulnerable configurations. Amazon, Google and Microsoft seem very good at targeting advertising (for free) to *potential* cloud service customers – it seems like a no-brainer for them to be able to do targeted alerts (for free) to existing customers.