Ex-Amazon employee convicted over Capital One hack
Paige A. Thompson, who was working at AWS at the time of the hack, was found guilty of seven counts of wire and computer fraud.
Thompson, a former Amazon Web Services (AWS) engineer, has been found guilty of seven federal crimes connected to her scheme to hack into cloud computer data storage accounts.
Prosecutors at the US District Court in Seattle used Thompson’s text and online chats to show how she built a tool that scanned AWS accounts for misconfigurations and leveraged those to her own benefit.
Among over 30 entities Thompson hacked was Capital One bank. The breach was among the largest ever reported, leaking personally identifiable information (PII) of over 100 million people in the US and Canada.
The breach cost the bank millions. US Treasury fined Capital One $80 million for the breach, and the bank also settled a class-action lawsuit with customers for $190 million.
According to a press release by the Department of Justice (DoJ), the Thompson’s hacks also involved planting crypto miners on various servers, with earnings going to her online wallet.
“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency. Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself,” said US Attorney Nick Brown.
Thompson, who went by the alias ‘erratic’ online, was found guilty of Wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The penalty for Wire fraud is up to 20 years in prison, with illegal access punishable by up to five years in prison.
The DoJ statement noted that not only did Thompson spend hundreds of hours building the hacking tools, but she also went on to brag about her illegal activities in online forums and via text messages.
More from Cybernews:
Subscribe to our newsletter