
    A Capital Offense: Capital One’s Major Breach

    Editorial Team, https://techgyo.com
    Editorial team of TechGYO.com

    It was only two years ago that Equifax became synonymous with distrust when 146 million accounts were breached, leaking personal information such as social security numbers and financial records.

    While Equifax is facing a $650m settlement due to this breach, they’ve gotten off relatively scot-free.  However, this doesn’t mean that most citizens don’t remember the incident, and I’m sure many are still wary of financial institutions, as they should be.

    As a matter of fact, this wariness has been all but solidified this week due to Capital One, a major online bank, suffering a massive breach which is estimated to have affected 100m customers.


    Estimating the Damage

    What is the Capital One data breach?

    Capital One disclosed the breach on July 29th, though they discovered the breach on the 19th.  According to Capital One, the casualties for the breach are only estimations, as we won’t know the true results until a few months have passed, just like Equifax, but these are the current estimations:
    140,000 social security numbers
    1 million social insurance numbers (Canada’s social security)
    80,000 Capital One bank account numbers
    100m credit card applications.

    Concerning the credit card applications, Capital One says that credit card applications as early as 2005 are affected.  Right now, Capital One has a verification page to check if you have been affected by the breach.

    The good news is that the mastermind behind the breach, ex-Amazon employee Paige Thompson, has already been arrested for the breach.  According to the paper trail Paige left on the Internet, it seems that she doesn’t mind getting the recognition of the hacker that’s hated by over 100m citizens.

    How the Breach Occurred

    There’s a point where you sit down and think to yourself, “How does such a colossal breach happen?”

    Certainly there’s a legitimate reason, right?  There’s no way it’s something as simple as a bad configuration of a VPN server or a whistleblower.  

    Well, Paige Thompson admitted that she was able to access the information/server remotely.  This indicates remote code execution (RCE), but some sources are saying that it’s not an RCE attack, but a server-side request forgery (SSRF) attack.

    In an SSRF attack, the attacker gets a server to send a request to a specific area or resource that it typically wouldn’t access, with the resource in question serving to benefit the attacker.  An SSRF flaw is an easy-to-exploit, major vulnerability that any hacker would dream of finding, so it seems Thompson hit the jackpot.

    However, this is only speculation.  The exact methods can’t be confirmed until either Thompson specifies them or enough time goes by to analyze the break-in.
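
    To make the SSRF description above concrete from the defender's side, here is an added example (not from the original article, and not a statement about Capital One's systems) of a check a server can run before fetching a user-supplied URL.  The function names and sample URLs are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def resolve_all(host, port):
    """Return every address the host maps to (IP literals skip DNS)."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return [ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos]

def is_internal(ip):
    """True for addresses an outside caller should never reach via the server."""
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    # Loopback, private ranges and link-local (which includes the addresses
    # cloud platforms use for instance metadata) are all off limits.
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def check_fetch_target(url, resolver=resolve_all):
    """Return (allowed, reason) for a URL the server was asked to fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "no host"
    try:
        addrs = resolver(parts.hostname, port)
    except (OSError, UnicodeError):
        return False, "host did not resolve"
    # Reject if ANY resolved address is internal, not just the first one.
    bad = [str(a) for a in addrs if is_internal(a)]
    if bad or not addrs:
        return False, "internal or empty resolution: " + ", ".join(bad)
    return True, "ok"
```

    Run the check on every redirect hop as well, and connect to the address that was validated rather than resolving the name a second time.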

    The Consequences of the Breach

    When I say consequences, I’m not talking about the potential identity theft or selling of information that can occur, though I’m sure those will happen.  No, I’m talking about the social backlash and the seeds that Capital One and Equifax have planted in society.

    Since the Equifax breach, more people than ever have come to the realization that their data is never truly safe.  Sure, your data can be encrypted, erased, etc., but there’s always that window, that period of time where your data is up for grabs by whoever can work their way around a computer.

    And when huge banks and businesses like Equifax and Capital One allow this to happen, it sends a message that, deep down, they don’t care enough about people’s data.  How could a bank like Capital One let an SSRF happen? For that attack to happen, there needs to be a major vulnerability first, and why would one exist in the first place?

    With growth comes paranoia, anxiety, fear, a variety of emotions that all culminate in the statement, “I don’t know.”

    I don’t know how these companies treat my data.  I don’t know if my data is out there, ready to be sold on a dark web market.  I don’t know what to trust on the Internet.

    Equifax and Capital One have sown the seeds of distrust in today’s society, and more people are realizing that they, just like everyone else, don’t know how their data is treated.  This realization is good in the long run, as it can lead to reforms and positive change, but it’s a negative feeling nonetheless.
