
Yet Another Breach - Massive Capital One Hack


exile360


I'm really tired of hearing about these. As security-conscious users, we take measures (sometimes extreme measures in the cases of the more paranoid among us such as myself) to secure our systems and our data, yet it seems none of us is safe from being violated, but not through any fault of our own, but instead by third parties who are responsible for our data because we are in their databases. This time it's Capital One that had their systems infiltrated, but thankfully the culprit has been caught; however, at this point no one knows if the guilty party shared (or sold on the black market; a common ploy by hackers seeking quick profits) any of the stolen information that was exfiltrated from Capital One's servers, but the issue is being investigated by authorities.

You can learn more about this incident here.  The article claims that this is one of the largest financial service breaches in history, apparently dwarfing the recently reported Equifax incident; you can read more about that incident on the Malwarebytes Labs blog here if you aren't familiar with it.

One of the issues I find most frustrating is that in spite of these near constant breaches, large companies continue to seek more and more information about their customers (and anyone who uses their services/sites/software etc.), and while the amount of information these organizations have on people is only increasing exponentially, the number of breaches exposing all of that information is also increasing.  I am not claiming that there is any sort of correlation; obviously there is not, however it is disturbing that these organizations are so eager to gather so much personal data and information when it's been proven time and time again each time an incident like this gets reported, that they cannot keep that information secure and out of the hands of malicious third parties such as hackers and criminal organizations.  That doesn't even take into account the potential for a malicious actor within such an organization such as a rogue employee who might be secretly stealing data to profit from it on the black market or through credit fraud.

Edited by exile360

  • Root Admin

You know what would probably make a real change is if Owners/CEO/CTO/CFO were actually held criminally negligent and if found guilty, complicit in not taking the appropriate precautions to prevent or authorizing excess access or gathering of user data and had to do at least a short period of time in prison, I bet you most of these would come to a halt real soon.

 

Like here where Facebook was fined $5 billion dollars but made more than that due to the advertising upswing from the news alone. Though a huge amount of money to most people that is chump change to these huge companies. Time in prison for Owners, CEO/CTO/CFO would surely really slow that train down.

  https://www.theverge.com/2019/7/24/20707013/ftc-facebook-settlement-data-cambridge-analytica-penalty-privacy-punishment-5-billion

 


Yep, agreed, but it'll never happen, at least not in the US thanks to lobbyists who fight to represent these companies' financial and legal interests.  It's the same reason net neutrality died/was overturned and why the likes of Microsoft, Google, Yahoo, Facebook etc. were all called out over PRISM, yet every single one of them had almost the exact same response, nearly word-for-word (curious, isn't it?) when speaking publicly about the allegations made in the leaked document provided by Edward Snowden.  All this data collection is a great tool for governments, marketing folks, and pretty much anyone who has the means to take advantage of such massive data sets; something that is becoming increasingly accessible via modern hardware and AI/Machine Learning, with powerful GPUs to process all that data becoming more powerful and more widely available every year.  Unfortunately it will not be long before the bad guys begin taking advantage of AI as well, and when they do, the cyber-security industry is going to have a massive issue on its hands in trying to keep things secure.


  • Root Admin

Yep, unfortunately there isn't much one can really do about it. Though they say passwords were not obtained, I went ahead and changed my password. I already have 2FA and Alerts sent to my phone. Not much else I can do about it on my end. Not going to give them even more data about me to "help me".

 


My credit's so bad, anyone trying to pull any sort of credit scam/loan scam using my info would likely find that they'd be better off just being honest and using their own, but if any wealthy criminals feel like taking on my debts and paying them for me, they're more than welcome to it :P 


On 7/31/2019 at 5:37 AM, exile360 said:

My credit's so bad, anyone trying to pull any sort of credit scam/loan scam using my info would likely find that they'd be better off just being honest and using their own, but if any wealthy criminals feel like taking on my debts and paying them for me, they're more than welcome to it :P 

Right??!!!

Edited by mountaintree16

7 hours ago, exile360 said:

Yep, agreed, but it'll never happen, at least not in the US thanks to lobbyists who fight to represent these companies' financial and legal interests.  It's the same reason net neutrality died/was overturned and why the likes of Microsoft, Google, Yahoo, Facebook etc. were all called out over PRISM, yet every single one of them had almost the exact same response, nearly word-for-word (curious, isn't it?) when speaking publicly about the allegations made in the leaked document provided by Edward Snowden.  All this data collection is a great tool for governments, marketing folks, and pretty much anyone who has the means to take advantage of such massive data sets; something that is becoming increasingly accessible via modern hardware and AI/Machine Learning, with powerful GPUs to process all that data becoming more powerful and more widely available every year.  Unfortunately it will not be long before the bad guys begin taking advantage of AI as well, and when they do, the cyber-security industry is going to have a massive issue on its hands in trying to keep things secure.

😡😭😭😭😡🤬


7 hours ago, AdvancedSetup said:

You know what would probably make a real change is if Owners/CEO/CTO/CFO were actually held criminally negligent and if found guilty, complicit in not taking the appropriate precautions to prevent or authorizing excess access or gathering of user data and had to do at least a short period of time in prison, I bet you most of these would come to a halt real soon.

 

Like here where Facebook was fined $5 billion dollars but made more than that due to the advertising upswing from the news alone. Though a huge amount of money to most people that is chump change to these huge companies. Time in prison for Owners, CEO/CTO/CFO would surely really slow that train down.

  https://www.theverge.com/2019/7/24/20707013/ftc-facebook-settlement-data-cambridge-analytica-penalty-privacy-punishment-5-billion

 

Agreed!!!!! This NEEDS to happen. 


  • 2 weeks later...
On 7/31/2019 at 4:48 AM, AdvancedSetup said:

You know what would probably make a real change is if Owners/CEO/CTO/CFO were actually held criminally negligent and if found guilty, complicit in not taking the appropriate precautions to prevent or authorizing excess access or gathering of user data and had to do at least a short period of time in prison, I bet you most of these would come to a halt real soon.

 

Like here where Facebook was fined $5 billion dollars but made more than that due to the advertising upswing from the news alone. Though a huge amount of money to most people that is chump change to these huge companies. Time in prison for Owners, CEO/CTO/CFO would surely really slow that train down.

  https://www.theverge.com/2019/7/24/20707013/ftc-facebook-settlement-data-cambridge-analytica-penalty-privacy-punishment-5-billion

 

This does need to happen, but it won't, and sadly Facebook wasn't fined; it was a settlement. They should have been fined, though.

 

The Canadian part of the Capital One site claimed there were no SIN numbers leaked during the hack and then directly under it claims there were.

 

Capital One is offering 2 years of Identity theft protection and insurance which just isn't good enough in my opinion.
