Another day, another data breach. This time at Capital One, the fifth largest credit card issuer in the United States.

Specifically, on July 29, 2019, FBI agents arrested Paige A. Thompson on suspicion of downloading nearly 30 GB of 100 million Capital One Financial Corp credit applications from a rented cloud data server. The FBI says Capital One learned about the theft from a July 17, 2019, email stating that some of its leaked data was being stored for public view on the software development platform Github. That Github account was for a user named “Netcrave,” which includes the resume and name of Paige A. Thompson. According to the FBI, Thompson also used a public Meetup group under the alias “erratic,” where she invited others to join a Slack channel named “Netcrave Communications.”

KrebsOnSecurity actually entered the open Netcrave Slack channel on July 30, 2019, and reviewed a June 27, 2019 commentary Thompson, which listed various databases she found by hacking into improperly secured Amazon cloud accounts, suggesting that Thompson may also have exfiltrated tens of gigabytes of data belonging to other major corporations.

(more…)