Paige Thompson boasted on social networks after Capital One hack: court docs
The software engineer apparently behind one of the biggest bank data breaches in history boasted about her hacking prowess online while acquiring individual details from more than 100 million Capital One credit applications, federal district attorneys stated.
Paige A. Thompson, who used the online deal with “irregular,” was charged Monday with a single count of computer system scams and abuse in federal court in Seattle after FBI officials connected her to online posts detailing the massive information theft on Twitter and Slack, court files show.
“I have actually essentially strapped myself with a bomb vest,” Thompson composed on June 18, according to the criminal problem. “F– king dropping capitol ones dox and admitting it.”
An FBI agent who led the examination into Thompson, 33, said she was able to obtain the data by means of a “firewall software misconfiguration” that enabled her to execute commands with a server that gave her access to information in Capital One’s storage area at a “Cloud Computing Business,” according to the criminal complaint.
That company was recognized as Amazon by the New York City Times, which likewise reported that Thompson previously worked for Amazon Web Services. She was listed as the organizer for a Meetup group called Seattle Warez Kiddies, an online center for people who appreciate “distributed systems, programming hacking [and] splitting.”
An online tipster very first called Capital One on July 17 about a potential vulnerability in its data, saying that leaked information seemed on a code-hosting website called GitHub. 2 days later on, bank authorities confirmed the breach by an “outside individual” and the information copied from Capital One mainly consisted of information associated to credit applications, most likely numbering in the 10s of millions, the grievance states.
“Although some of the details in those applications (such as Social Security numbers) has been tokenized or encrypted, other info consisting of candidates’ names, addressed, dates of birth and details regarding their credit history has not been tokenized,” the document reads. “According to Capital One, that information consists of roughly 120,000 Social Security Numbers and around 77,000 checking account numbers.”
10 days after Capital One looked out to the vulnerability, Thompson posted about “a number of business, government entities and academic organizations,” which an FBI Cyber Team detective stated appeared to be recommendations to other data breaches she “may have committed,” according to the grievance.
In one message on Slack, Thompson tried to downplay a message from another user who warned her to tread lightly, stating “don’t go to jail plz,” the complaint states.
“I wan na get it off my server that’s why Im archiving all of it lol,” Thompson replied, according to court documents. “Its all encrypted. I simply don’t desire it around however. I got ta find someplace to save it.”
Thompson, who made her preliminary look Monday in federal court in Seattle, was ordered to stay in custody until a detention hearing on Thursday. Her court-appointed lawyer did not instantly return a message seeking comment.
Thompson, meanwhile, has actually “made statements on social networks evidencing the truth that she knows of Capital One, which she acknowledges that she has actually acted illegally,” according to the grievance, which said detectives ultimately verified her identity after she posted a price quote online that she got from a vet about among her pets.
In a declaration released Monday, Capital One officials said the information breach impacted roughly 100 million individuals in the United States and 6 million in Canada.
No credit card account numbers or log-in qualifications were compromised, however approximately 140,000 Social Security varieties of its charge card customers were acquired, or 20,000 more than the FBI’s price quote, according to bank authorities.
“While I am grateful that the perpetrator has actually been caught, I am deeply sorry for what has actually happened,” Capital One chairman and CEO Richard Fairbank stated. “I sincerely excuse the reasonable concern this event should be causing those impacted and I am devoted to making it right.”
With Post wires
This content was originally published here.