An AWS Bucket Misconfig Cost Capital One $270M (and How You Can Avoid Being the Next Headline)

Written By: Armand Uno

In July 2019, ~100M records were stolen from Capital One due to a misconfigured firewall in an AWS bucket. Capital One paid $80M in fines and $190M in lawsuits and reparations. AWS paid nothing.

A statement from AWS said, “[the] attack occurred due to misconfiguration error at the application layer of a firewall.”

There’s a common misconception that cloud companies handle security, and their default is good enough. That couldn’t be farther from the truth. Users are responsible for protecting their data.

If they can't protect their data, users had better be ready to pay the fines and reparations that follow from their negligence.


How the breach happened.

A former AWS engineer, Paige Thompson, used homemade tools to discover a misconfigured firewall in Capital One’s environment.

The misconfigured firewall left a public-facing port open, which gave her access to an EC2 instance. She then used an overprivileged IAM role attached to that instance to reach the S3 bucket containing a treasure trove of customer data. From there, it was as easy as copying the information and getting ready to sell it online.
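The two weaknesses in that chain, a port reachable from the whole internet and an instance role allowed to read every bucket, are both visible in plain configuration before any attacker finds them. The following Python script is an added example, not Triden Group's tooling or any AWS code: it audits security-group rules and IAM role policies laid out in the same JSON shape the AWS CLI returns, flags world-open ingress on non-allow-listed ports and Allow statements that grant S3 actions on a wildcard resource, and places the weak policy next to a least-privilege one scoped to a single bucket. All group IDs, role names and bucket names are constructed for the example.

```python
"""Audit AWS security-group rules and IAM role policies for the two weaknesses
in the article's account of the breach: a port open to the whole internet and
a role permitted to read every S3 bucket.
Added example (not Triden Group or AWS code); every ID and name is made up."""
import fnmatch
import ipaddress

# Constructed sample input, shaped like the JSON returned by
# `aws ec2 describe-security-groups` and `aws iam get-role-policy`.
SECURITY_GROUPS = [
    {"GroupId": "sg-0example01", "GroupName": "web-tier",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
          "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
     ]},
    {"GroupId": "sg-0example02", "GroupName": "db-tier",
     "IpPermissions": [
         {"IpProtocol": "-1",
          "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
     ]},
]

ROLE_POLICIES = {
    # Weak: the instance role may list and read every bucket in the account.
    "web-instance-role": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ]},
    # Corrected: read objects in one bucket and list only that bucket.
    "web-instance-role-fixed": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-app-assets/*"},
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-app-assets"},
    ]},
}


def _as_list(value):
    """IAM accepts a bare string wherever a list is allowed; normalise it."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_world(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. any prefix of length 0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def open_ingress_findings(groups, allowed_public_ports=frozenset({443})):
    """Return (group_id, protocol, port_range) for each ingress rule that the
    whole internet can reach on a port outside the allow-list. Protocol -1
    (all traffic) is always reported when it is world-open."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not any(_is_world(c) for c in cidrs):
                continue
            proto = rule.get("IpProtocol")
            if proto == "-1":
                findings.append((group["GroupId"], "all", "all"))
                continue
            lo, hi = rule["FromPort"], rule["ToPort"]
            if all(p in allowed_public_ports for p in range(lo, hi + 1)):
                continue
            findings.append((group["GroupId"], proto, f"{lo}-{hi}"))
    return findings


def _broad_resource(resource):
    """'*' or a bucket wildcard such as arn:aws:s3:::* covers every bucket."""
    return resource == "*" or resource.endswith(":::*")


def overprivileged_findings(policies, service_pattern="s3:*"):
    """Return (role_name, action, resource) for every Allow statement that
    grants an action in the sensitive service (default: any S3 action) on a
    wildcard resource. The policy's own '*' or 's3:*' actions match too."""
    findings = []
    for role, doc in policies.items():
        for stmt in _as_list(doc.get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            for action in _as_list(stmt.get("Action")):
                in_service = action == "*" or fnmatch.fnmatchcase(
                    action, service_pattern)
                if not in_service:
                    continue
                for resource in _as_list(stmt.get("Resource")):
                    if _broad_resource(resource):
                        findings.append((role, action, resource))
    return findings


if __name__ == "__main__":
    for f in open_ingress_findings(SECURITY_GROUPS):
        print("world-open ingress:", f)
    for f in overprivileged_findings(ROLE_POLICIES):
        print("over-privileged role:", f)
```

Run against the constructed data it reports the 8080 rule and the IPv6 SSH rule in `web-tier` (443 is on the allow-list), and only the original `web-instance-role`; the corrected policy, scoped to one bucket, produces no finding. Pointing the same functions at real output from the two CLI commands named in the comments is a one-line change, since the input shape is identical.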

In all her brilliance, Paige decided to brag about her exploits via online forums and text messages, which ultimately got her sentenced.


How can we help you avoid this?

Triden Group’s TG Cloud Security prevents this in 3 main ways:

  1. Continuous environment monitoring and reporting
  2. Cloud Security Architecture review
  3. Cloud Pen Testing services

Our agentless tool monitors your entire environment: it is read-only, sees 100% of your assets, and causes zero performance impact on your side. Here's the list of security threats we detect:

  - Malware
  - Vulnerabilities
  - Misconfigurations
  - Lateral movement risk
  - At-risk and compromised data
  - Identity and Access Management risk (IAM risk)

The Capital One breach chained four of these: a misconfiguration, IAM risk, lateral movement, and at-risk data. What cost Capital One $270M, we could have found and reported in a few minutes!

Furthermore, our DevSecOps Cloud team will review your environment and provide architecture guidance on cleaning up unused cloud resources, preventing vulnerabilities, and keeping malware from being injected into your systems.

Don’t believe us?

Our cloud pen test can show just how many weak spots there are, or provide evidence that your cloud infrastructure is airtight.

Reach out to Triden Group for a complimentary consultation today!
