A former Amazon employee from Seattle, Washington, was convicted of hacking Capital One’s database and stealing social security numbers along with the birth dates of 100 million people.
The Amazon worker bragged about hacking the company’s database on various online forums and text messages
Paige Thompson, 36, worked as an engineer for Amazon’s Web Services and reportedly bragged about the crime on message boards and in text messages. According to prosecutors, she used the name “Erratic” to gain access to Amazon’s client data that was stored on its servers. One of those clients was Capital One, and she also used secured access to mine cryptocurrency in March 2019. She was later arrested by the FBI in July of that year, as reported by Insider.
During the breach, Thompson had access to customers’ addresses, dates of birth, and social security numbers. Due to the security breach, Capital One was fined $80 million and settled a class-action lawsuit for $190 million in December.
Additionally, the data breach included 120,000 social security numbers, and 77,000 bank account numbers.
“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people and hijacked computer servers to mine cryptocurrency. Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself,” said U.S. Attorney Nick Brown during closing arguments.
The Department of Justice also said she used a tool that scanned Amazon Web Services accounts to look for “misconfigured accounts.” “She wanted data, she wanted money, and she wanted to brag,” said Assistant United States Attorney Andrew Friedman. Her sentencing is scheduled for September 15, 2022.
“Thompson was found guilty of Wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The jury found her not guilty of access device fraud and aggravated identity theft.”
She faces a five-year prison sentence and a $250,000 fine pending her upcoming court date.
Other companies were a part of a nationwide breach outside of Capital One
According to CNBC, Equifax and Marriott were hacked by criminals on a nationwide scale and investigators believe Thompson acted alone. Amazon also said in a statement in 2019 that their Web Services division was not compromised by the data breach.
“AWS was not compromised in any way and functioned as designed. The perpetrator gained access through a misconfiguration of the web application and not the underlying cloud-based infrastructure. … This type of vulnerability is not specific to the cloud.”
Capital One learned about the breach through an email informing them that someone had leaked S3 data on the platform GitHub. The file contained Thompson’s IP address, said investigators, and the FBI searched through her social media pages, where she claimed she was checking herself into a psychiatric ward after she was doxed for the breach.
“After this is over I’m going to go check into the mental hospital for an indefinite amount of time. I have a whole list of things that will ensure my involuntary confinement from the world. The kind that they can’t ignore or brush off onto the crisis clinic. I’m never coming back.”