27 C
New York
Friday, August 12, 2022

Ex-Amazon employee convicted of 2019 Capital One hack

A former Amazon Web Services (AWS) engineer has been found guilty of hacking into customers’ cloud storage systems and stealing data related to the massive 2019 Capital One breach. U.S. District of Seattle convicted Paige Thompson of seven counts of computer and electronic fraud, a felony punishable by up to 20 years in prison.

Thompson, who also went by “Erratic” online, was arrested for hacking Capital One in July 2019. The breach was one of the largest on record, exposing names, dates of birth, social security numbers, email addresses, and phone numbers of over 100 million people in the United States and Canada. Capital One has since been fined $80 million for allegedly failing to secure user data and settled with affected customers for $190 million.

A Department of Justice (DOJ) press release says Thompson has developed a tool that scans AWS for misconfigured accounts, then exploits those accounts to gain access to Capital One systems and dozens of other AWS customers. . Prosecutors also claim Thompson “hacked” into the companies’ servers to install cryptocurrency mining software that would transfer all earnings to his personal crypto wallet. She then “bragged” about her misdeeds in online forums and via text message.

At the time, there was debate over whether Thompson was an ethical hacker or a security researcher due to her unusual outspokenness about her role in the attack on Capital One online – she released the data sensitive customers on a public GitHub page and shared details of the breach on Twitter and Slack. Earlier this year, the Department of Justice made it clear that it would not prosecute security researchers under the Computer Fraud and Abuse Act. But US prosecutors obviously weren’t convinced that Thompson’s actions fell within that exception.

“Far from being an ethical hacker trying to help companies with their IT security, she exploited errors to steal valuable data and sought to enrich herself,” U.S. Attorney Nick Brown said in a statement. Thompson’s sentencing hearing will take place on September 15, 2022.

Related Articles


Please enter your comment!
Please enter your name here

Stay Connected


Latest Articles