Earlier this year, the US credit card provider Capital One suffered one of the most jarring data leaks of the last decade. Sensitive financial data from over 106 million customers had been stolen and made freely accessible on the web for weeks. Now, recent analyses are showing how the massive corporate structures of third-party contractor Amazon may have caused problems with shared data infrastructure, risk assessment and awareness of potential threats, as well as security upgrades.
“The entire story is quite baffling,” comments Vincentas Grinius, CEO of Heficed, a provider of dedicated server solutions. “Very little hacking was actually involved, the alleged criminal exploited insider knowledge that was not revised or updated for years, and the crime was only noticed after she posted about it repeatedly on the internet.”
New reports now revealed that the alleged hacker Paige Thompson had previously worked as a systems engineer at Amazon.com. Aside from trading goods, the retail giant also offers its infrastructure for cloud computing solutions, in the case of Capital One for data storage. Thompson quit the job almost three years ago according to her Linkedin profile.
It seems that she gained inside knowledge during her time with Amazon that allowed her to access the cloud data storage, not only after she left the company, but even earlier this year still. This means that there were no substantial upgrades made to the Amazon cloud’s inner workings during that time.
Cloud servers have distinct advantages, but also suffer from disadvantages, particularly in a large-scale corporate context. Specifically, companies of Amazon’s size often cannot offer dedicated servers, which alleviate many of those disadvantages. “Smaller companies can offer dedicated servers, meaning that they are used by one client only and can be completely customized according to t ..