Paige Thompson was accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers.
Paige had exploited a Server Side Request Forgery vulnerability (SSRF) to invoke the AWS meta-data endpoint and subsequently steal authentication tokens to gain access to Capital One's internal network.
The following interactive tutorial is a reconstruction of this data breach incident that exposed the records of almost 106 million customers, how Paige exploited this vulnerability and steps developers can take to mitigate against SSRF vulnerabilities.
Top comments (0)