
The ex-Amazon employee who allegedly hacked into the 5th largest credit card company in the US posted about it online, the FBI says.


  • Former software engineer Paige A. Thompson hacked into Capital One systems and accessed information on more than 100 million credit card customers, according to prosecutors. Authorities say they tracked down the suspect after she allegedly talked about it online.
  • Thompson was arrested by the FBI in Seattle and was charged with a single count of computer fraud and abuse.
  • In the criminal complaint, FBI agent Joel Martini laid out evidence found online on GitHub, Slack, Meetup, and Twitter.

A software engineer in Seattle was behind the major Capital One data breach, which impacted over 100 million credit card customers in the US and Canada, prosecutors alleged in a criminal complaint.

Paige A. Thompson, a former Amazon employee, was arrested by the FBI in Seattle and appeared in court on Monday. She was charged with a single count of computer fraud and abuse, and could face a sentence of up to five years in prison and a $250,000 fine.

The breach occurred on March 22 and 23, 2019. According to Capital One, the largest category of information that was compromised involved consumers and small businesses who applied for credit cards between 2005 and early 2019.

In the criminal complaint, FBI agent Joel Martini laid out evidence found online on GitHub, Slack, Meetup, and Twitter.

 


Kevin Mitnick, computer security consultant and convicted hacker, also posted on Twitter about the incident.

 

Scroll down to see the evidence that led to Thompson’s arrest:


The criminal complaint alleges Thompson posted that she hacked Capital One on the code-sharing site GitHub.

According to the US Attorney’s Office for the Western District of Washington, Thompson posted about the leaked information to the site GitHub on April 21. The post, dubbed the “April 21 File” in the criminal complaint, contained “a list of more than 700 folders or buckets of data,” as well as three commands that functioned to obtain Capital One’s credentials and extract data.

Another user spotted the post and flagged it to Capital One on July 17, the complaint alleges. Two days later, the credit card company contacted the FBI to report the incident, and investigators began to look into the account that posted the information.

The complaint states that the GitHub address where the “April 21 File” was posted included Thompson’s full name, as well as a link to GitLab, which had a resume that included her address and indicated that she was a systems engineer.

Martini found a Slack channel where he alleges Thompson posted incriminating messages about the information theft.

Through open source research, Martini found a group organized by Thompson on Meetup, an online platform where users can build communities, according to the 12-page complaint. 

The Meetup group had an invitation code to a Slack channel, which is a service for team collaboration. One of the users, named “erratic,” posted “a list of files that [the user] claimed to possess” on June 26, according to the complaint.

A screenshot of the Slack conversation showed one of the members warning user “erratic” not to go to jail, and “erratic” responding, “I wanna get it off my server thats [sic] why Im [sic] archiving all of it,” referring to the stolen information.

The complaint alleges that the username “erratic” was used by Thompson.

The complaint alleges Thompson direct-messaged another Twitter user about the stolen information, saying she has “basically strapped [herself] with a bomb vest.”

On Twitter, Thompson allegedly exchanged direct messages with an unidentified individual about the data breach on June 18, the complaint states.

The screenshot of the messages showed that Thompson wanted to “distribute” the “buckets” of information that she obtained. According to the complaint, Martini wrote that the suspect “intended to disseminate data stolen from victim entities, starting with Capital One.”

The complaint claims Thompson also acknowledged the information at her disposal in a subsequent message, saying that the information “buckets” include Social Security numbers with full names and dates of birth of the compromised Capital One accounts.