Former AWS engineer convicted of $270 million Capital One hack

A former AWS engineer was convicted of seven counts of fraud after stealing personal data of more than 100 million people from unsecured accounts on the cloud platform. The breach has so far cost US bank Capital One, one of the 30 institutions affected, more than $270 million in compensation and regulatory fines.

Capital One paid $270 million in compensation and fines for the breach, in which customer data was stolen from an unsecured AWS storage container. (Photo by ProArtWork/iStock)

Paige Thompson was arrested in July 2019, after Capital One alerted the FBI about the breach. Prosecutors alleged that she stole personal data of more than 100 million of the company’s customers, including 140,000 Social Security numbers and 80,000 bank account numbers.

Capital One, one of 30 institutions hacked by Thompson, was fined $80 million by a US regulator in August 2020 for failing to properly secure its customers’ data. Last month, it agreed to pay $190 million to settle a class-action lawsuit representing clients affected by the breach.

“Thompson used a tool I designed to scan Amazon Web Services accounts for invalid accounts,” the US Attorney for Washington State said in a statement. “She then used those misconfigured accounts to hack and download data of more than 30 entities, including Capital One.”

Thompson, who was employed at AWS between 2015 and 2016, used hacked accounts to mine cryptocurrency, a practice known as cryptojacking, prosecutors said.

How did the “Capital One” hack happen?

Capital One received an anonymous whistleblower report in July 2019, alerting the company that data from a bank-operated S3 storage container had been leaked on GitHub. The US Department of Justice said at the time that the S3 container had a “firewall configuration error”.


The FBI tracked Thompson to a Slack channel in which she claimed to have the stolen data. She also spoke of her intention to enter a psychiatric institution.


Thompson will be sentenced in September.

Misconfigured AWS instances have resulted in a number of high-profile data breaches. Earlier this month, researchers revealed that 6.5 terabytes of data from Turkish airline Pegasus Airlines, including personal data of customers and employees, was exposed in an insecure AWS storage container. And in 2017, 100 GB of US intelligence and security command data was discovered in an incorrectly configured bucket.

Anti-malware provider Malwarebytes detected a 300% increase in “cryptojacking” malware last year, as the price of cryptocurrencies — in particular, Monero — soared.
