It was a simple misconfiguration that doomed Capital One. In March 2019, former Amazon employee Paige Thompson exfiltrated the data of more than 100 million Capital One customers, in what became one of the year’s worst breaches. Thompson exploited what’s known as a server-side request forgery (SSRF) vulnerability to access credit applications, Social Security numbers and consumer information stored online through Amazon Web Services (AWS). Capital One was not alerted until July 2019, after Thompson published the trove of sensitive data online.
Read how pentesting can be used to prevent a data breach on Forbes.