Hacker ID’d as former Amazon employee steals data of 106 million people from Capital One

A systems engineer identified in media reports as a former Amazon employee has been arrested on charges that she hacked into Capital One’s network and took sensitive data for about 106 million people, according to an FBI court filing and a statement from the Virginia-based bank.

Defendant Paige A. Thompson, 33, of Seattle was an employee of Amazon Web Services, The New York Times and Bloomberg News reported, citing company representatives. FBI Special Agent Joel Martini wrote in a criminal complaint filed on Monday that a GitHub account belonging to Thompson showed that, earlier this year, someone exploited a firewall vulnerability in Capital One’s network that allowed an attacker to execute a series of commands on the bank’s servers.

Capital One has confirmed the intrusion and said it affected about 100 million people in the United States and 6 million people in Canada. Personal information taken included names, income, dates of birth, addresses, phone numbers, and e-mail addresses. Social Security numbers for 140,000 people were also obtained, and about 80,000 savings account numbers were accessed.

Social Insurance numbers for about 1 million Canadians were also obtained. No credit card numbers or login credentials were compromised. The data came from credit card applications submitted from 2005 through early 2019; customer status data, such as credit scores, credit limits, balances, payment history, and contact information; and fragments of transaction data from a total of 23 days during 2016, 2017 and 2018. It’s unlikely the stolen data was used in fraud or was widely shared, bank officials said.

“While I am grateful that the wrongdoer has actually been captured, I am deeply sorry for what has actually taken place,” Richard D. Fairbank, Capital One founder, chairman and CEO, said in a statement. “I all the best excuse the easy to understand concern this event need to be triggering those impacted, and I am devoted to making it right.”

One command executed in the firewall hack allowed the intruder to obtain credentials for an administrator account known as ***** WAF-Role. The command in turn enabled access to bank data stored under contract by a cloud computing company that went unnamed in court documents, but was identified as AWS by the NYT and Bloomberg. Other commands allowed the attacker to enumerate Capital One folders stored on AWS and to copy their contents. IP addresses and other evidence ultimately showed that Thompson was the person who exploited the vulnerability and posted the data to GitHub, Martini said.
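A defender's view of the sequence described above, as an added example that is not from the court filing or the original article: it scans CloudTrail-style records for a WAF role's credentials being used from outside trusted networks, then for bucket listing and bulk reads. The records, role name, account ID, bucket names and CIDR ranges are constructed placeholders, not values from the case.

```python
import ipaddress
from collections import defaultdict

# Constructed CloudTrail-style records, trimmed to the fields used here.
# Role name, account id, buckets and IPs are placeholders, not case data.
ROLE_ARN = "arn:aws:sts::111122223333:assumed-role/EXAMPLE-WAF-Role/i-0abc"
SAMPLE_EVENTS = [
    {"eventName": "GetObject", "sourceIPAddress": "10.0.4.17",
     "userIdentity": {"arn": ROLE_ARN}, "requestParameters": {"bucketName": "waf-config"}},
    {"eventName": "ListBuckets", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": ROLE_ARN}, "requestParameters": None},
] + [
    {"eventName": "GetObject", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": ROLE_ARN}, "requestParameters": {"bucketName": f"apps-{i % 3}"}}
    for i in range(6)
]


def flag_role_misuse(events, role_name, trusted_cidrs, bulk_threshold=5):
    """Return one finding per untrusted IP that used the role's credentials."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    stats = defaultdict(lambda: {"listed": False, "reads": 0, "buckets": set()})
    for ev in events:
        arn = ev.get("userIdentity", {}).get("arn", "")
        if f":assumed-role/{role_name}/" not in arn:
            continue
        try:
            ip = ipaddress.ip_address(ev.get("sourceIPAddress", ""))
        except ValueError:
            continue  # AWS service callers appear as hostnames, not IPs
        if any(ip in net for net in trusted):
            continue  # expected: the instance using its own role in-network
        s = stats[str(ip)]
        if ev["eventName"] == "ListBuckets":
            s["listed"] = True
        elif ev["eventName"] == "GetObject":
            s["reads"] += 1
            s["buckets"].add((ev.get("requestParameters") or {}).get("bucketName"))
    findings = []
    for ip, s in sorted(stats.items()):
        reasons = ["role credentials used outside trusted networks"]
        if s["listed"]:
            reasons.append("bucket enumeration")
        if s["reads"] >= bulk_threshold:
            reasons.append(f"bulk read of {s['reads']} objects in {len(s['buckets'])} buckets")
        findings.append({"ip": ip, "reasons": reasons})
    return findings
```

S3 object reads only appear in CloudTrail when data events are enabled for the buckets, so the bulk-read signal depends on that logging being switched on.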

Thompson allegedly used a VPN from IPredator and Tor in an attempt to cover her tracks. At the same time, Martini said that much of the evidence tying her to the intrusion came directly from things she posted to social media or put in direct messages. A June 26 Slack posting and another post the next day to an unnamed service, for example, both referred to the WAF-Role account.

In response to a June 27 post, someone told her: “questionable shit. do not go to prison, plz.” Using the handle erratic, she responded [sic throughout]:

wa wa wa wa, wa wa wa wa wa wa wawaaaaaaaaaaa. I resemble > ipredator > tor > s3 on all this shit. i wan na get it off my server thats why Im archiving all of it. Its all encrypted. I simply do not desire it around however. I got ta discover someplace to save it. That infobloxcto one is intriguing. They have > 500 docker containers.

Martini said that, on June 18, a Twitter user with the screen name Erratic sent direct messages to another user that read: “I have actually generally strapped myself with a bomb vest, fucking dropping capitol ones dox and confessing. I wan na disperse those pails i believe initially. There ssns … with complete name and dob.”

The Twitter profile of "Erratic," a persona federal authorities said belonged to defendant Thompson.

The unnamed recipient of those messages forwarded them to Capital One officials. Capital One officials also received an e-mail dated July 17 from someone reporting that sensitive data was posted to Thompson’s GitHub account. “Let me understand if you desire aid tracking them down,” the person wrote. It wasn’t immediately clear if the reports came from the same person or from different people. Other evidence tying Thompson to the hack included IP addresses, Martini said. Capital One confirmed the intrusion on July 19.

Thompson was arrested on Monday and is being detained pending a bail hearing scheduled for Thursday. She’s charged with a single count of computer fraud and faces a maximum penalty of 5 years in prison and a $250,000 fine. At a court hearing later in the day, according to Bloomberg News, Thompson “broke down and laid her head down on the defense table.”