
Capital One — AWS misconfiguration breach

A server-side request forgery against a misconfigured web application firewall let a former AWS employee obtain an over-privileged IAM role's credentials and exfiltrate personal data on 100 million US and 6 million Canadian Capital One credit-card applicants.

Target: Capital One
Date public: 29 July 2019
Sector: Financial Services
Attack type: Data Breach
Threat actor: Paige Thompson (former AWS engineer)
Severity: High
Region: United States / Canada

In 2019 Paige Thompson, a former Amazon Web Services engineer, exploited a misconfigured web application firewall to obtain the temporary AWS credentials of an IAM role in Capital One's cloud environment, and used them to download the credit-card application data of roughly 106 million people across the US and Canada. The attack did not break into Capital One so much as walk in through the front door: every API call was made with valid credentials, authenticated as a legitimate Capital One service. The headline lesson is identity, not network. Every cloud-service identity has to carry only the minimum permissions its function strictly requires, because once an identity is captured, the activity that follows looks legitimate to every tool that inspects it. Capital One paid roughly $270 million in regulatory fines and class-action settlements.

In March 2019 Thompson exploited a misconfigured web application firewall, running on an EC2 instance in Capital One's AWS environment, to obtain temporary credentials for the IAM role attached to that instance. The role had over-broad access to Capital One's S3 storage. Using the credentials, she listed and downloaded contents from more than 700 buckets, including the credit-card application data of approximately 100 million US and 6 million Canadian applicants. The data covered roughly fourteen years of card applications (2005 to early 2019) and included names, addresses, dates of birth, self-reported income, credit scores, around 140,000 US Social Security numbers, roughly 1 million Canadian Social Insurance Numbers and about 80,000 linked bank account numbers. Thompson posted details of the intrusion, including the list of buckets, to GitHub and discussed it on a public Slack channel. Another GitHub user noticed the bank's name in what she had posted and alerted Capital One's responsible-disclosure inbox on 17 July; the company confirmed the breach on 19 July, and Thompson was arrested on 29 July 2019.

The technical mechanism was a server-side request forgery through the WAF. The WAF ran on an EC2 instance with an IAM role attached, and on every EC2 instance the temporary credentials for the attached role are available to any local process from the instance metadata service (IMDS) at 169.254.169.254. At the time IMDS answered plain, unauthenticated GET requests (what is now called IMDSv1). Thompson sent a request that made the WAF fetch http://169.254.169.254/latest/meta-data/iam/security-credentials/ROLE-NAME on her behalf and return the response, handing her an access key, secret key and session token for the role. With those credentials she could call AWS APIs as the WAF from anywhere on the internet, and the role had been granted permissions far in excess of what a WAF needs, including bucket-list and object-read permissions across customer data stores it had no business reading. None of this was an AWS platform vulnerability. It was a Capital One IAM permission set that had been over-provisioned, combined with a WAF configuration that let the appliance be made to issue arbitrary outbound requests, including to the metadata endpoint.
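The request path described above, as an added example (not code from this page, from Capital One, or from AWS). It is an in-memory simulation: a small model of the EC2 instance metadata service in its two modes, and of the attacker's primitive, an appliance that can be made to fetch any URL with a plain GET and hand back the body. The real IMDS paths and header names are used; the role name and credential values are constructed. It shows why the same GET-only SSRF that leaks the role credentials under IMDSv1 gets nothing under IMDSv2, whose session token must first be obtained with a PUT carrying a TTL header.

```python
"""IMDSv1 versus IMDSv2 under a GET-only SSRF (simulation, no network traffic)."""
import json
import secrets

IMDS_HOST = "http://169.254.169.254"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
TOKEN_PATH = "/latest/api/token"
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"

ROLE_NAME = "example-waf-role"                      # assumed name, not the real role
FAKE_CREDS = {                                      # constructed values, not real keys
    "AccessKeyId": "ASIAEXAMPLE000000000",
    "SecretAccessKey": "example-secret-key",
    "Token": "example-session-token",
}


class MockIMDS:
    """Serves the credential paths; with require_token=True it behaves like IMDSv2."""

    def __init__(self, require_token):
        self.require_token = require_token
        self.tokens = set()

    def handle(self, method, path, headers=None):
        headers = headers or {}
        if path == TOKEN_PATH:
            # Token issuance is PUT-only and the TTL header is mandatory.
            if method != "PUT" or TOKEN_TTL_HEADER not in headers:
                return 400, ""
            token = secrets.token_urlsafe(16)
            self.tokens.add(token)
            return 200, token
        if self.require_token and headers.get(TOKEN_HEADER) not in self.tokens:
            return 401, ""                          # IMDSv2: no token, no metadata
        if method != "GET":
            return 405, ""
        if path == CREDS_PATH:
            return 200, ROLE_NAME                   # directory listing names the attached role
        if path == CREDS_PATH + ROLE_NAME:
            return 200, json.dumps(FAKE_CREDS)      # the role's temporary credentials
        return 404, ""


def ssrf_get(imds, url):
    """The attacker's primitive: the appliance fetches an attacker-chosen URL
    with GET and no extra headers, then returns the body to the attacker."""
    if not url.startswith(IMDS_HOST):
        raise ValueError("simulation only models requests to IMDS")
    return imds.handle("GET", url[len(IMDS_HOST):])


def harvest_role_credentials(imds):
    """Two SSRF requests: discover the role name, then read its credentials."""
    status, role = ssrf_get(imds, IMDS_HOST + CREDS_PATH)
    if status != 200:
        return None
    status, body = ssrf_get(imds, IMDS_HOST + CREDS_PATH + role)
    return json.loads(body) if status == 200 else None


def legitimate_v2_fetch(imds):
    """What a real on-instance client (the AWS SDK) does under IMDSv2:
    PUT for a session token, then GET with the token in a header."""
    status, token = imds.handle("PUT", TOKEN_PATH, {TOKEN_TTL_HEADER: "21600"})
    if status != 200:
        return None
    status, body = imds.handle("GET", CREDS_PATH + ROLE_NAME, {TOKEN_HEADER: token})
    return json.loads(body) if status == 200 else None


if __name__ == "__main__":
    v1, v2 = MockIMDS(require_token=False), MockIMDS(require_token=True)
    print("IMDSv1 via SSRF:", harvest_role_credentials(v1))   # credentials leak
    print("IMDSv2 via SSRF:", harvest_role_credentials(v2))   # None
    print("IMDSv2 on-box:  ", legitimate_v2_fetch(v2))        # still works for the SDK
```

Two caveats the simulation does not show. Real IMDSv2 also defaults the PUT response hop limit to 1, so the token does not survive being proxied through a container or NAT on the instance; and a proxy SSRF that can be coerced into issuing a PUT with attacker-controlled headers would still get a token, so IMDSv2 is hardening against the common GET-only primitive, not a substitute for scoping the role's permissions.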

The Office of the Comptroller of the Currency fined Capital One $80 million in 2020 over the breach, and the bank settled a consumer class action for $190 million. Thompson was convicted in June 2022 of seven federal counts (wire fraud, five counts of accessing a protected computer without authorisation, and damaging a protected computer), acquitted of identity theft and access-device fraud, and sentenced to time served and five years' probation, with restitution. The judge declined to impose prison time, citing her mental-health status and the fact that the data did not appear to have been sold or used for further fraud.

Defender takeaway: the headline lesson is identity, not network. Capital One had encryption at rest, network segmentation and modern monitoring. None of it mattered because the attacker was authenticated to AWS as a legitimate Capital One service principal. Any IAM role attached to an internet-facing component (a WAF, an API gateway, a load balancer, a reverse proxy) should be treated as compromisable and granted only the minimum permissions its function strictly requires. Beyond that: IMDSv2, which AWS released in November 2019, returns no metadata until the client has obtained a session token with a PUT request carrying a TTL header, something a GET-only SSRF through a proxy cannot do; it can be enforced per instance by setting the instance metadata option http-tokens to required, and it is now the default for launches from the EC2 console and for recent Amazon Linux AMIs. And a single IAM role listing 700+ buckets in a short window, from an IP address that is not the instance the role belongs to, is exactly the behavioural alert every cloud-security tool can raise (GuardDuty's InstanceCredentialExfiltration findings cover the second pattern), provided someone has turned it on and the trail is logging S3 data events.
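The two controls above (scope the role, watch the role), as an added example that is not Capital One's tooling. The IAM policies are illustrative: the over-broad one mirrors the shape of grant the WAF role had, the scoped one what a WAF actually needs. The CloudTrail records are constructed and abbreviated to the fields used, with real CloudTrail field names; the role names, account ID, threshold, window and expected egress IP are assumptions to tune per environment.

```python
"""Least-privilege lint and behavioural detection for the WAF-role pattern."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)                      # assumed
MAX_DISTINCT_BUCKETS = 20                           # assumed; one role rarely needs more
WATCHED_ROLE = "example-waf-role"                   # assumed role name
EXPECTED_SOURCE_IPS = {"203.0.113.10"}              # the WAF instance's egress IP (assumed)

# --- 1. Policy lint: what the role had versus what a WAF needs -----------------
OVERBROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-waf-config/*"},          # its own rule-set bucket
    {"Effect": "Allow", "Action": ["logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:waf:*"}]}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def overbroad_statements(policy):
    """(action, resource) pairs granting a wildcard service or account-wide S3.
    An object wildcard inside one named bucket is deliberately not flagged."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt["Action"]):
            for resource in _as_list(stmt["Resource"]):
                wild_action = action == "*" or action.endswith(":*")
                wild_resource = resource in ("*", "arn:aws:s3:::*")
                if wild_action or wild_resource:
                    findings.append((action, resource))
    return findings


# --- 2. Detection over CloudTrail ---------------------------------------------
def _t(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def bucket_enumeration_bursts(events, window=WINDOW, threshold=MAX_DISTINCT_BUCKETS):
    """Principals that touched more than `threshold` distinct buckets within `window`.
    ListObjects/GetObject are S3 data events: the trail must log them to see this."""
    by_principal = defaultdict(list)
    for e in events:
        bucket = (e.get("requestParameters") or {}).get("bucketName")
        if e["eventSource"] == "s3.amazonaws.com" and bucket:
            by_principal[e["userIdentity"]["arn"]].append((_t(e["eventTime"]), bucket))
    alerts = []
    for arn, items in by_principal.items():
        items.sort()
        in_window, j = Counter(), 0
        for i, (t_i, b_i) in enumerate(items):      # in_window covers items[i:j]
            while j < len(items) and items[j][0] - t_i <= window:
                in_window[items[j][1]] += 1
                j += 1
            if len(in_window) > threshold:
                alerts.append(arn)
                break
            in_window[b_i] -= 1
            if in_window[b_i] == 0:
                del in_window[b_i]
    return alerts


def credentials_used_off_instance(events, role=WATCHED_ROLE, expected_ips=EXPECTED_SOURCE_IPS):
    """Role-session calls arriving from an IP the instance itself would never use."""
    return sorted({(e["userIdentity"]["arn"], e["sourceIPAddress"]) for e in events
                   if e["userIdentity"].get("type") == "AssumedRole"
                   and f":assumed-role/{role}/" in e["userIdentity"]["arn"]
                   and e["sourceIPAddress"] not in expected_ips})


# --- Constructed sample trail -------------------------------------------------
def _event(arn, name, bucket, ip, seconds):
    when = datetime(2024, 1, 1) + timedelta(seconds=seconds)
    return {"eventTime": when.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "eventSource": "s3.amazonaws.com", "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"type": "AssumedRole", "arn": arn},
            "requestParameters": {"bucketName": bucket}}


WAF_SESSION = "arn:aws:sts::123456789012:assumed-role/example-waf-role/i-0123456789abcdef0"
APP_SESSION = "arn:aws:sts::123456789012:assumed-role/example-app-role/i-0fedcba9876543210"

SAMPLE_EVENTS = (
    # 25 buckets listed in two minutes from a non-instance IP: the exfiltration pattern
    [_event(WAF_SESSION, "ListObjects", f"cust-data-{n:03d}", "198.51.100.7", 5 * n) for n in range(25)]
    # normal application traffic: two buckets, from the expected egress IP
    + [_event(APP_SESSION, "GetObject", "app-assets", "203.0.113.10", 7),
       _event(APP_SESSION, "GetObject", "app-uploads", "203.0.113.10", 9)])

if __name__ == "__main__":
    print("over-broad:", overbroad_statements(OVERBROAD_POLICY))   # [('s3:*', '*')]
    print("scoped:    ", overbroad_statements(SCOPED_POLICY))      # []
    print("bursts:    ", bucket_enumeration_bursts(SAMPLE_EVENTS)) # [WAF_SESSION]
    print("off-box:   ", credentials_used_off_instance(SAMPLE_EVENTS))
```

The burst check keys on the role-session ARN rather than the access key, so a session that rotates keys still counts as one principal; the off-instance check is the home-grown form of what GuardDuty's InstanceCredentialExfiltration findings do, and is only as good as the list of egress addresses the instance can legitimately use.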
