Over 106 million personal details have been stolen and published on the web. The suspected hacker has been arrested, but had access to all of the data submitted to Capital One between 2005 and 2019.
The Seattle-based hacker, a local software engineer named as Paige A. Thompson, aka "erratic," aka 0xA3A97B6C on Twitter, was suspected of nicking the data, and was collared by the FBI at her home on Monday this week.
The financial giant said the intruder exploited a "configuration vulnerability," while the Feds said a "firewall misconfiguration permitted commands to reach and be executed" by Capital One's cloud-based storage servers. US prosecutors said the thief slipped past a "misconfigured web application firewall."
Either way, someone using VPN service IPredator and the anonymising Tor network illegally accessed the bank's in-the-cloud systems, and downloaded the private data. This "misconfiguration" has since been fixed.