Abstract: At the core of it, it's a simple IT error, but it shows that "the cloud," especially cloud security, is still being figured out.
The vulnerability that led to the Capital One data breach was a result of a misconfigured Capital One system that communicates with Amazon's Web Services (AWS) cloud platform, according to a report in The Wall Street Journal.
The type of vulnerability has been known about by security researchers for years.
Amazon places the responsibility on its clients to properly configure their systems.
The incident underscores what's likely to become a louder debate about security within the nascent cloud industry.
The vulnerability that led to the Capital One hack had been known to security researchers since 2014, according to a report in The Wall Street Journal on Monday.
The Capital One breach was a result of a misconfigured setting on a system that allowed the bank to communicate with Amazon Web Services (AWS), the bank's cloud provider. The misconfiguration led to weak security in one of the bank's networks.
It's unclear whether Amazon itself knew that Capital One's systems specifically were misconfigured before the breach. Amazon says that it offers alerts when it detects security incidents, but no alert was sent or received by either Amazon or Capital One.
Still, Amazon places the responsibility on its customers to properly configure their systems, according to security adviser Scott Piper, who advises companies like Capital One on Amazon cloud security and spoke with the WSJ. Even if Amazon had known that a Capital One system was misconfigured, it's unclear if Amazon would have done anything about it.
It's likely that Capital One's security teams knew of the existence of the general type of vulnerability exploited in the breach, but whether they were aware that one of their systems was misconfigured isn't clear, either.
At the core of it, the Capital One breach appears to be an IT error on Capital One's part. Amazon has refused to accept any culpability for the Capital One breach, and Capital One doesn't blame Amazon, either.
The debate over whether Amazon or Capital One did enough to prevent the hack underscores the extent to which the nascent cloud computing industry is still grappling with important procedures and expectations. Security in particular is an area that's likely to receive increasing scrutiny.
In February, it was found that other AWS clients have misconfigured systems similar to the one that led to the Capital One breach, according to security researcher Brennan Thomas, who spoke with the WSJ. Thomas also said that the vulnerability isn't specific to AWS but applies to other cloud platforms, too.
Amazon did not immediately reply to a request for comment.