capital one mea

Ex-Amazon engineer found guilty of massive Capital One bank hack

According to 01Net’s Ex-Amazon engineer found guilty of massive Capital One bank hack
news, I share all my suggestions, recommendations and opinions about Ex-Amazon engineer found guilty of massive Capital One bank hack
with you. Details are below…

Paige Thompson stole the data of 106 million customers in 2019. She used the information collected when she was an engineer at Amazon Web Services to commit her misdeed.

This is one of the biggest data thefts in US history. Paige Thompson siphoned information from 100 million Americans and 6 million Canadians in March 2019. Capital One bank customers who had applied for a credit card. A federal jury in Seattle found her guilty of wire fraud and hacking.

Her defense had put forward issues of depression and attempted to pass her off as an ethical hacker. A thesis that did not convince the Department of Justice, convinced that she never intended to inform the bank of what she had done. The 33-year-old at the time of the event had managed to recover 120,000 social security numbers and 77,000 bank account numbers.

Servers were misconfigured

If she succeeded in this feat, it was by using her experience as an engineer at Amazon Web Services, the cloud computing services branch of Amazon. But she was already out of office when she took action. She simply looked for vulnerable AWS customers because they had misconfigured their servers and in particular the firewall supposed to protect them. She knew that was the case with Capital One. She then exploited this weakness to impersonate an authorized user. The internal system considered it a friendly computer, responding to its data requests. This earned the bank an $80 million fine from the Treasury Department for failing to protect its users’ data.

Paige Thompson does not appear to have used the retrieved information to impersonate the customers. But federal prosecutors pointed out that she installed cryptocurrency mining software on the companies’ servers with the intention of making money. The crime would have been near perfect if she hadn’t bragged about her misdeed on social media and GitHub platforms under the pseudonym “Erratic.” This is how Capital One learned of the hack and the FBI got on its trail.

Paige Thompson remains free on bail pending sentencing on September 15.

Source :

The New York Times