Capital One Hacker Paige Thompson Gained Access To Millions Of Customers' Account Data — How She Did It
She accessed millions of credit card applications.
This week, Capital One announced that it was the victim of one of the largest hacks of customer data in history. The bank said that over 100 million customers' personal files were accessed by a lone-wolf hacker from Seattle. Paige Thompson was arrested for stealing files from credit card applications that included names, birth dates and Social Security numbers. The bank will be notifying users if their data is at risk. Thompson is under arrest and facing up to five years in prison and a quarter of a million dollars in fines.
Who is Paige Thompson? Keep reading for details.
1. Into the breach
The breach allegedly occurred back in April — or at least that's when someone posted instructions on a software site on how to get into Capital One's files. The servers, rented from Amazon's cloud systems, contained user data, including files for credit card applications. On July 17, an anonymous tipster let the company know that info on how to get into its system was floating around GitHub, a networking site for software pros. The company investigated and discovered that its security had been breached. Someone had gained access to 100 million credit card applications. The hack put about 140,000 Social Security numbers and 80,000 bank accounts at risk, as well as personal addresses, names, birth dates and other identifying information, according to NBC.
2. Paige Thompson arrested
The FBI followed the breadcrumbs left behind by the hacker and discovered that the GitHub user was Paige Thompson of Seattle. NBC says that when the FBI searched her home, they found "numerous digital devices" that appeared to contain data from Capital One, as well as other institutions that may have been targeted. Thompson was arrested and charged with computer fraud and abuse, which is punishable by up to five years in prison and a $250,000 fine.
Video of the cops entering Thompson's home.
3. Computer engineering whiz
Thompson's resume contains a long string of computer-related jobs dating back to 2005. CBS reports that an online resume Thompson posted lists a number of different positions, with duties such as "assisting in the development of analytics platform" or "site maintenance" listed for all of them. None of the jobs lasted longer than 18 months, however, and she doesn't make it clear whether she was ever a full-time employee or was working on a contract basis. The final job listed on her resume was System Engineer at Amazon, a position she left in 2016.
4. Begging to be caught
There was no doubt that Thompson was the mastermind behind the hack. CBS reports that her social media account, which used her alias "erratic," boasted about having documents related to "several companies, government entities, and educational entities," according to federal court documents. She even went so far as to tweet about it. "Ive basically strapped myself with a bomb vest, f***ing dropping capital ones dox and admitting it," the message read. "I wanna distribute those buckets i think first." She had also let Capital One know as early as June what she was doing. It's unclear whether Capital One investigated at that time.
Thompson chatted openly about her hacking.
5. Out of character
One former employer admitted that Thompson was a hacker but expressed surprise that she would have used her skills to steal data this way. Neo Nasrati, CEO of ColumbusSoft, characterized her as a "very talented 'white hat' ethical hacker." He told CBS that she used her skills to detect flaws in client security systems, not to break into corporate systems for her own benefit. "She was involved in the hacker community, but from what I knew of her I don't see how she would have done anything illegal."
Thompson worked for multiple companies including Amazon.
6. Capital One's response
The banking giant issued a statement of apology on Monday. “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” Capital One Chairman and CEO Richard D. Fairbank said. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
The company also issued a statement saying, "We will notify affected individuals through a variety of channels. We will make free credit monitoring and identity protection available to everyone affected."
The company is attempting to be helpful after the fact.
7. Connection to Amazon
Capital One was using server space rented from the Amazon Web Services cloud computing system to house the data Thompson grabbed. CNBC noted that Thompson, using her past expertise testing corporate cybersecurity flaws, was able to exploit a flaw in the firewall on an Amazon Web Services cloud server to gain access to the information. Thompson, as previously noted, worked for Amazon several years ago. The giant online retailer was quick to say that her experience at the company was not how she got into the cloud and that she didn't get into AWS directly; she cracked an app managed by Capital One, not Amazon. “AWS was not compromised in any way and functioned as designed,” Amazon said in a statement. Amazon explained that the breach was possible due to a misconfiguration of firewall settings on a web application, not a vulnerability in Amazon's cloud server itself. The company was also adamant that any hacker could have done this; it wasn't something Thompson learned on the job at Amazon.
Amazon is distancing itself from the hack.
If your data was compromised in the hack, Capital One is planning to alert you. Meanwhile, CNN is offering some good tips on protecting your identity if you were affected.
Rebekah Kuschmider has been writing about celebrities, pop culture, entertainment, and politics since 2010. Her work has been seen at Ravishly, Babble, Scary Mommy, The Mid, Redbook online, and The Broad Side. She is the creator of the blog Stay at Home Pundit and she is a cohost of the weekly podcast The More Perfect Union.