CRITICAL EXPOSURE
Sector: Financial Services (Cloud)
Capital One
Targeted Breach
A former AWS engineer exploited a misconfigured Web Application Firewall (WAF) using an SSRF attack. They managed to extract over 100 million credit card applications, Social Security numbers, and bank account details from Capital One's S3 buckets.
Total Assets Compromised
106 Million Customers
Primary Kill Chain Vector
Server-Side Request Forgery (SSRF) / AWS Misconfiguration
Incident Timeline Marker
July 2019
Could your infrastructure sustain the same vector?
The exact techniques used in the Capital One breach are being commoditized on dark web forums. Run our simulated intelligence recon to calculate your immediate blast radius exposure in the Financial Services (Cloud) sector.
Run Blast Radius CalculatorSecure Tool • No Card Required