Ex-Amazon Cloud Worker Convicted of Massive Capital One Hack
Ex-Amazon Cloud Worker Convicted of Massive Capital One Hack
Paige Thompson, whose screen name was ‘erratic,’ found guilty
Data from about 100 million people accessed in server attacks
The home of Paige Thompson in Seattle in 2019.
The home of Paige Thompson in Seattle in 2019.Photographer: Ted S. Warren/AP Photo
ByRobert Burnson
18 June 2022 at 03:54 BSTUpdated on18 June 2022 at 14:23 BST
Listen to this article
2:03
Share this article
Follow the authors
+ Get alerts forRobert Burnson
In this article
AMZN
AMAZON.COM INC
108.92USD+1.52+1.42%
From the Apple scoop machine
Be the first to know what’s next in tech from Mark Gurman's Power On newsletter.
Email
Enter your email
Sign Up
Bloomberg may send me offers and promotions.
By submitting my information, I agree to the Privacy Policy and Terms of Service.
A former Amazon Web Services worker was convicted of hacking into the company’s cloud servers to steal customer data and computer power that she used to mine cryptocurrency.
Following a week-long trial in Seattle, Paige A. Thompson, 36, was found guilty of seven federal crimes, including wire fraud, which carries a prison sentence of as long as 20 years, US prosecutors said Friday in a statement.
Prosecutors say Thompson, who went by the screen name “erratic,” created a tool that searched for misconfigured accounts on Amazon Web Services. She was able to hack into the accounts of more than 30 Amazon customers, including Capital One Bank, and download the personal information of more than 100 million people, they said. Capital One disclosed the breach in 2019 and paid regulatory fines of more than $80 million, along with $190 million to settle customer lawsuits.
Read More: Former AWS Worker Is Accused in Cloud Hack of Capital One
Aside from stealing data, Thompson planted mining software on servers that she used to harvest cryptocurrencies with the proceeds going to her online wallet, prosecutors say.
Thompson’s lawyers didn’t immediately respond to requests for comment.
She allegedly extolled her crimes in texts and online forums, which were shown at her trial. “She wanted data, she wanted money, and she wanted to brag,” Assistant U.S. Attorney Andrew Friedman said in closing arguments, according to the statement.
Sponsored Content
Cloud-Based 5G Technology From AWS and Verizon Powers the Future of Media
AWS and Intel
Read More: Alleged Capital One Hacker Struggled With Jobs, Personal Life
After deliberating for 10 hours, the jury found her guilty of wire fraud, unauthorized access to a protected computer and damaging a protected computer, according to the statement. She was found not guilty of access device fraud and aggravated identity theft.
US District Judge Robert S. Lasnik scheduled sentencing for Sept. 15.
The case is USA v. Thompson, 19-cr-00159, U.S. District Court, Western District of Washington (Seattle).
Paige Thompson, whose screen name was ‘erratic,’ found guilty
Data from about 100 million people accessed in server attacks
The home of Paige Thompson in Seattle in 2019.
The home of Paige Thompson in Seattle in 2019.Photographer: Ted S. Warren/AP Photo
ByRobert Burnson
18 June 2022 at 03:54 BSTUpdated on18 June 2022 at 14:23 BST
Listen to this article
2:03
Share this article
Follow the authors
+ Get alerts forRobert Burnson
In this article
AMZN
AMAZON.COM INC
108.92USD+1.52+1.42%
From the Apple scoop machine
Be the first to know what’s next in tech from Mark Gurman's Power On newsletter.
Enter your email
Sign Up
Bloomberg may send me offers and promotions.
By submitting my information, I agree to the Privacy Policy and Terms of Service.
A former Amazon Web Services worker was convicted of hacking into the company’s cloud servers to steal customer data and computer power that she used to mine cryptocurrency.
Following a week-long trial in Seattle, Paige A. Thompson, 36, was found guilty of seven federal crimes, including wire fraud, which carries a prison sentence of as long as 20 years, US prosecutors said Friday in a statement.
Prosecutors say Thompson, who went by the screen name “erratic,” created a tool that searched for misconfigured accounts on Amazon Web Services. She was able to hack into the accounts of more than 30 Amazon customers, including Capital One Bank, and download the personal information of more than 100 million people, they said. Capital One disclosed the breach in 2019 and paid regulatory fines of more than $80 million, along with $190 million to settle customer lawsuits.
Read More: Former AWS Worker Is Accused in Cloud Hack of Capital One
Aside from stealing data, Thompson planted mining software on servers that she used to harvest cryptocurrencies with the proceeds going to her online wallet, prosecutors say.
Thompson’s lawyers didn’t immediately respond to requests for comment.
She allegedly extolled her crimes in texts and online forums, which were shown at her trial. “She wanted data, she wanted money, and she wanted to brag,” Assistant U.S. Attorney Andrew Friedman said in closing arguments, according to the statement.
Sponsored Content
Cloud-Based 5G Technology From AWS and Verizon Powers the Future of Media
AWS and Intel
Read More: Alleged Capital One Hacker Struggled With Jobs, Personal Life
After deliberating for 10 hours, the jury found her guilty of wire fraud, unauthorized access to a protected computer and damaging a protected computer, according to the statement. She was found not guilty of access device fraud and aggravated identity theft.
US District Judge Robert S. Lasnik scheduled sentencing for Sept. 15.
The case is USA v. Thompson, 19-cr-00159, U.S. District Court, Western District of Washington (Seattle).
