Former Amazon Web Services (AWS) engineer found guilty of hacking cloud customer storage systems and stealing massive data 2019 Capital One violation. Seattle District Court has convicted Paige Thompson of seven counts of computer and wire fraud on Friday, a crime punishable by up to 20 years in prison.
Thompson, also known as “Erotic” online, was arrested for hacking Capital One in July 2019. The breakthrough was one of the largest ever recorded, revealing the names, dates of birth, social security numbers, email addresses and phone numbers of more than 100 million people in the United States and Canada. Capital One has since been fined $ 80 million for alleged failure to provide data to users and paid off affected customers for $ 190 million.
or press release from the Ministry of Justice (DOJ) states that Thompson developed a tool that scans AWS for incorrectly configured accounts and then uses those accounts to gain access to the systems of Capital One and dozens of other AWS customers. Prosecutors also say Thompson has “taken away” the company’s servers to install cryptocurrency mining software that will transfer all proceeds to her personal crypto wallet. She then “bragged” about her mistakes in online forums and text messages.
There was some debate at the time about whether Thompson was an ethical hacker or a security researcher due to her unusual frankness about her role in the online attack on Capital One – She posted sensitive customer data on a public GitHub page and shared details of the breakthrough on Twitter and Slack. Earlier this year, The Ministry of Justice has made it clear that it will not prosecute security researchers under the Computer Fraud and Abuse Act. But U.S. prosecutors were clearly not convinced that Thompson’s actions fell into this exception.
“Far from being an ethical hacker trying to help companies with their computer security, it uses mistakes to steal valuable data and seeks to enrich itself,” said US Attorney Nick Brown in a statement. Thompson’s sentencing hearing will take place on September 15, 2022.