A former Amazon engineer was found guilty of hacking into customers’ cloud storage systems and obtaining data related to the major Capital One data breach in 2019.
Paige Thompson, who worked for Amazon Web Services, was convicted on seven counts of computer and wire fraud by a US District Court in Seattle on Friday, a crime punishable by up to 20 years in prison.
Thompson, also known online as “Erratic,” was arrested in July 2019 for his role in the Capital One breach.
The breach was one of the greatest ever recorded, revealing over 100 million people’s names, birth dates, social security numbers, email addresses, and phone numbers in the United States and Canada.
Capital One has already been fined $80 million for allegedly failing to protect users’ data and has reached a $190 million settlement with impacted consumers.
Thompson created a program that searched AWS for misconfigured accounts and then used these accounts to obtain access to the systems of Capital One and dozens of other AWS clients.
Prosecutors said Thompson “hacked” company systems in order to install cryptocurrency mining software that would send any profits to her own cryptocurrency wallet. She then “bragged” about her transgressions in online forums and text messages.
Thompson’s remarkable candor about her participation in the Capital One assault online — she put customers’ private data on a public GitHub page and revealed the specifics of the breach on Twitter and Slack — sparked some controversy about whether she was an ethical hacker or a security researcher at the time.
The Justice Department stated earlier this year that it would not prosecute security researchers under the Computer Fraud and Abuse Act. However, US prosecutors were clearly not satisfied Thompson’s activities came under this exemption.
US attorney Nick Brown said: “Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.”
Thompson’s sentencing hearing will take place on September 15th, 2022.
Source: The Verge