U.S. Senator Sends Letter to Amazon CEO on Capital One Hack -- Update
06 August 2019 - 7:02AM
Dow Jones News
By Robert McMillan
A Democratic senator is pressing Amazon.com Inc. for answers on
its cloud-computing technology at the heart of the Capital One
hack, one of the biggest-ever bank-data thefts.
Sen. Ron Wyden (D., Ore.) on Monday sent a letter to Chief
Executive Jeff Bezos requesting details about the security of
Amazon's cloud service, which stored the 106 million Capital One
Financial Corp. credit-card records allegedly stolen by an accused
hacker.
Capital One blamed the incident on "a specific configuration
vulnerability" in the way it uses Amazon's cloud. The Wall Street
Journal reported Sunday how the accused hacker, Paige A. Thompson,
was allegedly able to find an opening in Capital One's systems and
exploit a weakness in some misconfigured networks that
cloud-security experts have warned about for years.
Mr. Wyden's letter, dated Monday and reviewed by the Journal,
seeks to better understand how these configuration errors happen
and what Amazon is doing to protect its customers from them. The
Journal reported that more than 800 Amazon users were found
vulnerable to a similar configuration error, according to a partial
scan of cloud users, conducted in February by a security
researcher.
"When a major corporation loses data on a hundred million
Americans because of a configuration error, attention naturally
focuses on that corporation's cybersecurity practices," the letter
stated. "However, if several organizations all make similar
configuration errors, it is time to ask whether the underlying
technology needs to be made safer, and whether the company that
makes it shares responsibility for the breaches."
Sen. Wyden asked Mr. Bezos to send answers to his questions by
Aug. 13.
Amazon representatives didn't immediately respond to requests
for comment. Amazon has said that its cloud products weren't the
cause of the breach and that it provides tools to alert customers
when data is being improperly accessed.
Capital One declined to comment.
The letter also cites a since-deleted Twitter message last week
from a senior security engineer at Netflix Inc. saying the
video-streaming service has sought increased security measures from
Amazon to protect itself against the configuration error.
"Unfortunately we didn't get a satisfactory response," the engineer
said, according to a copy of the tweet viewed by the Journal.
A Netflix spokeswoman said the company's engineer was asked to
remove his tweet because it doesn't reflect the company's views.
Netflix has no technical issues with Amazon, she said.
Netflix, like Capital One, is a marquee customer for Amazon's
cloud business and is listed as a case study of how to use the
cloud on Amazon's website. Cloud computing is a big profit driver
for Amazon, which commanded nearly half of the public cloud market
in 2018, according to Gartner.
Sen. Wyden is starting this inquiry as "part of his ongoing
privacy and cybersecurity oversight work," and not in conjunction
with a committee investigation, a Wyden aide said.
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
August 05, 2019 16:47 ET (20:47 GMT)
Copyright (c) 2019 Dow Jones & Company, Inc.