A former AWS engineer was convicted of seven counts of fraud after stealing personal data of more than 100 million people from unsecured accounts on the cloud platform. The breach has so far cost US bank Capital One, one of the 30 institutions affected, more than $270 million in compensation and regulatory fines.
Paige Thompson was arrested in July 2019, after Capital One alerted the FBI about the breach. Prosecutors alleged that she stole personal data of more than 100 million of the company’s customers, including 140,000 Social Security numbers and 80,000 bank account numbers.
Capital One, one of 30 institutions hacked by Thompson, was fined $80 million by a US regulator in August 2020 for failing to properly secure its customers’ data. Last month, it agreed to pay $190 million to settle a class-action lawsuit representing clients affected by the breach.
“Thompson used a tool I designed to scan Amazon Web Services accounts for invalid accounts,” the US Attorney for Washington State said in a statement. “She then used those misconfigured accounts to hack and download data of more than 30 entities, including Capital One.”
Thompson, who was employed at AWS between 2015 and 2016, used hacked accounts to mine cryptocurrency, a practice known as cryptojacking, prosecutors said.
How did the “Capital One” hack happen?
Capital One received an anonymous whistleblower report in July 2019, alerting the company to the leak of data from a bank-operated S3 storage container on GitHub. The US Department of Justice said at the time that the S3 container had a “firewall configuration error”.
The FBI tracked Thompson to a Slack channel in which she claimed to have the stolen data. She also spoke of her intention to enter a psychiatric institution.
Thompson will be sentenced in September.
Misconfigured AWS instances have resulted in a number of high-profile data breaches. Earlier this month, researchers revealed that 6.5 terabytes of data from Turkish airline Pegasus Airlines, including personal data of customers and employees, were exposed in an insecure AWS storage container. And in 2017, 100 GB of US Intelligence and Security Command data was discovered in an incorrectly configured bucket.
Anti-malware provider Malwarebytes detected a 300% increase in “cryptojacking” malware last year, as the price of cryptocurrencies — in particular, Monero — soared.