Capital one hacked - Super hacker named 4chan?

  • Want to keep track of this thread?
    Accounts can bookmark posts, watch threads for updates, and jump back to where you stopped reading.
    Create account
Capital One was hacked 100 million user effected
https://www.stltoday.com/news/natio...d043fb33b5.html#tracking-source=home-breaking

SEATTLE (AP) — A hacker gained access to personal information from more than 100 million Capitol One credit applications, the bank said Monday as federal authorities arrested a suspect in the case.
Paige A. Thompson — who also goes by the handle "erratic" — was charged with a single count of computer fraud and abuse in U.S. District Court in Seattle. Thompson made an initial appearance in court and was ordered to remain in custody pending a detention hearing Thursday.
The hacker got information including credit scores and balances plus the Social Security numbers of about 140,000 customers, the bank said. It will offer free credit monitoring services to those affected.
The FBI raided Thompson's residence Monday and seized digital devices. An initial search turned up files that referenced Capital One and "other entities that may have been targets of attempted or actual network intrusions."
A public defender appointed to represent Thompson did not immediately return an email seeking comment.
The hacker got information including credit scores and balances plus the Social Security numbers of about 140,000 customers, the bank said. It will offer free credit monitoring services to those affected.
1564452809006.png

In this July 16, 2019, photo, a man walks across the street from a Capital One location in San Francisco. Capital One says a hacker got access to the personal information of over 100 million individuals applying for credit. The McLean, Virginia-based bank said Monday, July 29, it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator. (AP Photo/Jeff Chiu)
Capitol One, based in McLean, Virginia, said Monday it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator.
According to the FBI complaint, someone emailed the bank two days before that notifying it that leaked data had appeared on the webhosting site GitHub.
And a month before that, the FBI said, a Twitter user who went by "erratic" sent Capitol One direct messages warning about distributing the bank's data, including names, birthdates and Social Security numbers.
"Ive basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it," one said. "I wanna distribute those buckets i think first."
Capital One said it believes it is unlikely that the information was used for fraud, but it will continue to investigate. The data breach affected about 100 million people in the U.S. and 6 million in Canada.

Capital One Financial Corp., the nation's seventh-largest commercial bank with $373.6 billion in assets as of June 30, is the latest U.S. company to suffer a major data breach in recent years.
In 2017, a data breach at Equifax, one of the major credit reporting companies, exposed the Social Security numbers and other sensitive information of roughly half of the U.S. population.
Last week, Equifax agreed to pay at least $700 million to settle lawsuits over the breach in a settlement with federal authorities and states. The agreement includes up to $425 million in monetary relief to consumer
 
Click to expand...
Null said:
There are no actual women in tech. There are many more trannies in IT than real women. There are competent women, and a handful of extraordinary women, but these types are always trannies.
Click to expand...
Hello boss thanks for stopping by
What a shocker a tranny from Seattle
 
Well, I'm glad I don't do business with them.
I'm still fucked from the Equifax hack, though.

Fuck them, I'm not taking their free credit monitoring in exchange for the right to sue those fuckers.

Null said:
There are no actual women in tech. There are many more trannies in IT than real women. There are competent women, and a handful of extraordinary women, but these types are always trannies.
Click to expand...
Except for that cunt music major bitch who was the single reason the Equifax hack happened.
Fucking diversity hires.

DJevFfjUEAAkPMX.jpg
 
Last edited:
I think it’s time to reevaluate our current credit system and how online digital money works it is far too easy
To hack banks
Steal credit card numbers and to offshore money
This isnt the first time .....have Equifax, capital one and that incident with target
Just look at the panama paper leaks as well
 
Of course this happens right after I get a Capital One credit card. Fucking RIP. Also gas trannies.
 
Sword Fighter Super said:
Fuck them, I'm not taking their free credit monitoring in exchange for the right to sue those fuckers.


Except for that cunt music major bitch who was the single reason the Equifax hack happened.
Fucking diversity hires.

DJevFfjUEAAkPMX.jpg
Click to expand...


I want to know what the hack was before passing a judgement on troon tech superiority. 0.999 chance it's a case of extreme dumbassery on part the bank. The bigger they get, the less fucks they give about trivial security.
 
Ягода said:
I want to know what the hack was before passing a judgement on troon tech superiority. 0.999 chance it's a case of extreme dumbassery on part the bank. The bigger they get, the less fucks they give about trivial security.
Click to expand...
Their fuckup was hiring a music major to be their head of security for the entire company.
Her being a woman was just the cherry on top.
 
Wow, a rare occurrence of an autogynephile actually hacking something xirself instead of snitching to the feds for attention. How quaint.
 
Ягода said:
I want to know what the hack was before passing a judgement on troon tech superiority. 0.999 chance it's a case of extreme dumbassery on part the bank. The bigger they get, the less fucks they give about trivial security.
Click to expand...

Based on the federal complaint it sounds like Capital One had a publicly reachable server that was leaking credentials that could be used to access an S3 bucket that contained credit application info. So yeah, they fucked up. Interestingly, Paige’s resume lists a gig working for Amazon on S3. This is after a long string of short-term gigs working for no-name companies. Smart person who underacheived due to untreated mental illness isn’t completely out of the question, but the signs are pointing to lackluster talent who got “lucky” and whose arrogance is now landing them in “dilate me in my stinkditch” federal prison for a long, long time.
 
This tard got caught because they used Gist for private notes and commentary: https://gist.github.com/paigeadelethompson All the actual exploits are deleted.

She also claimed to have 7 proxies by going through VPN (IP Predator) -> Tor -> AWS (Capital One). It appears she was trying to use Tor through a VPN but it probably crashed or something at some point and she didn't realise she was using the "bare" VPN. These kind of random failures are why you shouldn't do this shit even if you think you know how to get away with it.

Googling for IP Predator IPs + AWS IPs leads you to her Gists and it was probably even easier before GitHub scrubbed the full data.

Not to mention she used a picture of herself on the Twitter profile she used to threaten Capital One. She apparently also freely linked to her GitHub from IRC where anyone in there could have sold her out (perhaps even one of them sent the email tipping off Capital One).

As for the actual exploit I'm guessing the following:

- Capital One is using AWS WAF which is a "firewall" to block common exploits etc.
- WAF requires access to AWS S3 to write logs.
- Something on Capital One's website spat out the WAF log credentials (this is the exploit).
- Those WAF credentials had read access to all of Capital One's S3 buckets (this is Capital One being retarded).

E: I may have found the source of the exploit.

Capital One has repos on GitHub: https://github.com/capitalone

When I google for "site:https://github.com/capitalone "waf"" there are results pointing to https://github.com/capitalone/cloud-custodian. Turns out this is an open source project by Capital One.

There's loads of "fake" tokens in the tests, issues, etc. One of them was probably real.

This PR appears to be part of the audit process to figure out if any other damage occurred and maybe also what dumbfuck created the role with too many permissions: https://github.com/cloud-custodian/cloud-custodian/pull/3850
 
Last edited:
As soon as I saw "Seattle" and "Paige," I knew it was a tranny that worked for AWS.

:story:

Fortunately, it seems to mostly have impacted people who applied for business cards using their SSN, rather than an EIN (so small business owners, etc, most likely). Additionally, the breaches only took place on March 22 and 23 of this year, and the new #1 bestest tranny in tech - sorry, Brianna Wu - was caught less than two weeks after the breach was first detected.

I've got a shoeboxed Capital One card that I keep around because it's over a decade old, which increases the average age of my various accounts, boosting my credit score. I'm interested in seeing if I was affected, but, as of this moment, I haven't received any kind of correspondence. Regardless, I'm not super concerned, and I look forward to getting my $3 from the class action lawsuit in two years.
 
Actual headline: Former contractor takes advantage of laughable corporate security. Leaves trail of breadcrumbs a mile long and is promptly butt fucked to prison.

One of the largest accountancy firms here in Sydney I used to contract for used to leave sys-admin passwords stabled next to terminals attached to servers housing tens of thousands of corporate financial records and bank accounts.

Taking advantage of available avenues to commit a crime is always exponentially easier than the inevitable necessary escape when a hundred agents in multiple states start coming down on your ass. Only the exceptional try, usually brainlets because most are caught.
 
While the Federal Bureau of Prisons does have a transgender policy - all prisoners are initially held based on their biological sex. So, Trevor/Paige, will be held, pre-trial, in GenPop (unless they put him in the SHU). This is important because there is no sorting pre-trial, if you're a non-violent financial crimes person you'll be held in the same place (sometimes the same cell) as an MS-13 teen who cut out a pizza delivery man's heart.
 
zedkissed60 said:
View attachment 865588
View attachment 865606View attachment 865607
https://web.archive.org/web/19991023001909/http://www.tbp.mb.ca:80/~dialtone/who.htm (.)

View attachment 865610
https://web.archive.org/web/20071005155828/http://www.tprophet.org/tprophet-anime_640x480.jpg (.)

View attachment 865622
https://web.archive.org/web/20021210074631/http://www.tprophet.org:80/minicon/index.htm (.)

View attachment 865636View attachment 865637View attachment 865638View attachment 865639View attachment 865640View attachment 865641View attachment 865642View attachment 865643View attachment 865644View attachment 865645View attachment 865646View attachment 865647
https://www.justice.gov/usao-wdwa/press-release/file/1188626/download (.)

View attachment 865660View attachment 865659
View attachment 865679View attachment 865683
https://twitter.com/0xA3A97B6C (http://archive.li/ZDUhM)

View attachment 865927
View attachment 865914View attachment 865915View attachment 865917View attachment 865918
https://www.facebook.com/paige.thompson.12139 (.)
Click to expand...
To be fair, he could almost pass for a 50 year old raddled addict bar hag.
 
You must log in or register to reply here.
Back
Top Bottom