Amazon: No evidence companies named in leaked Capital One files were breached

Ford and UniCredit among the companies named in files leaked by Capital One hacker Paige Thompson

Amazon claims that there is no evidence that companies named in the leaked Capital One bank files have been breached. The company has contacted the companies cited, which include Ford and Italian banking giant UniCredit, to reassure them that it has found no proof that they, too, may have suffered a data breach.

News of the Capital One data breach emerged on Monday this week when the hacker, a former Amazon Web Services (AWS) employee called Paige Thompson, appeared in court, charged with the attack.

She first gained access to the S3 bucket operated by Capital One in March this year by exploiting a misconfigured firewall, then downloaded files in April and hosted them on an account on GitHub.

Capital One only became aware of the breach on 17 July when it was informed via email. Thompson, however, had left a trail of evidence pointing in her direction, leading to her arrest.

In a Slack posting, Thompson had indicated that Capital One wasn't the only company on AWS hosting insecure databases, according to Bloomberg, which was passed a copy of the conversation.

The Slack posting indicating that other organisations might have been targeted by the alleged Capital One hacker

However, a spokesperson for AWS told Bloomberg that the company had "reached out to the customers mentioned in online forums by the perpetrator to help them assess their own logs for any evidence of an issue".

He added: "We do not have proof that the perpetrator in the Capital One incident found similar application flaws in a few other customers."

AWS has, though, been criticised for leaving logging disabled by default, and just a few configuration errors on an AWS set-up can likewise expose a critical corporate system or database. AWS does, however, provide instructions for enabling server-access logging for S3 buckets to help organisations monitor for unauthorised access.