https://enlacehacktivista.org/index.php?action=history&feed=atom&title=Capital_OneCapital One - Revision history2026-05-05T19:49:43ZRevision history for this page on the wikiMediaWiki 1.43.8https://enlacehacktivista.org/index.php?title=Capital_One&diff=286&oldid=prevAmongomous: Created page with "Hack of Capital One by erratic. [https://edition.cnn.com/2021/06/30/tech/capital-one-hacker-new-charges/index.html CNN Business: A hacker gained access to 100 million Capital One credit card applications and accounts] == Explanation of the Hack == The hacker exploited an SSRF vulnerability in ModSecurity to grab [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md#ssrf-url-for-cloud-instances A..."2021-12-26T11:35:10Z<p>Created page with "Hack of Capital One by <a href="/index.php/Paige_Thompson" title="Paige Thompson">erratic</a>. [https://edition.cnn.com/2021/06/30/tech/capital-one-hacker-new-charges/index.html CNN Business: A hacker gained access to 100 million Capital One credit card applications and accounts] == Explanation of the Hack == The hacker exploited an SSRF vulnerability in ModSecurity to grab [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md#ssrf-url-for-cloud-instances A..."</p>
<p><b>New page</b></p><div>Hack of Capital One by [[Paige Thompson|erratic]].<br />
<br />
[https://edition.cnn.com/2021/06/30/tech/capital-one-hacker-new-charges/index.html CNN Business: A hacker gained access to 100 million Capital One credit card applications and accounts]<br />
<br />
== Explanation of the Hack ==<br />
<br />
The hacker exploited an SSRF vulnerability in ModSecurity to grab [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md#ssrf-url-for-cloud-instances AWS instance credentials from the EC2 metadata service] and used them to access an S3 bucket containing credit applications.<br />
<br />
Even though the hacker used a combination of iPredator VPN and Tor to stay anonymous at the IP layer, she confessed to her activities in a Slack group of a local tech meetup group and uploaded exfiltration scripts to a GitHub account connected to her real identity. A member of the Slack group reported her to the FBI.<br />
<br />
No data from Capital One was ever leaked anywhere, but she's alleged to also have used the same exploit to deploy crypto miners.<br />
<br />
https://www.courtlistener.com/docket/15983291/united-states-v-thompson/<br />
<br />
[[Category:Hacks]]</div>Amongomous