Software program engineer Paige Thompson was arrested in late July for an unprecedented hack right into a cloud server containing the private information of over 100 million individuals who had filed bank card functions with main monetary establishment Capital One. Thompson, who on the time of her arrest ran a internet hosting firm known as Netcrave Communications, had held a sequence of engineering jobs, together with a stint at Amazon Internet Companies (AWS) in 2015 and 2016, the place she presumably gained the abilities to take advantage of a vulnerability in an software firewall on Capital One’s AWS server.
Thompson’s final theft of the 100 million buyer information, 140,000 Social Safety numbers and 80,000 linked financial institution particulars of Capital One prospects was apparently solely one in all her many hacks. In a authorized submitting associated to holding her remanded into custody, federal prosecutors say she hit greater than 30 different targets, together with corporations and academic establishments.
On-line postings by Thompson obtained by the Wall Avenue Journal counsel that these different targets would possibly embrace Ford Motor Co., UniCredit (Italy’s largest financial institution), and Michigan State College. Thompson’s hacking efforts stand aside from the overwhelming majority of main hacks over the previous decade in as a result of her motivations appeared to not be political or monetary or nation-state directed.
Her actions additionally stand aside from different main breaches and information thefts as a result of Thompson, in contrast to most “black hat” hackers, left an intensive path of public proof that she was not solely engaged in these malicious actions, however that she additionally had Capital One particularly in her sights. Thompson was energetic on her now-removed Twitter account and on June 18 wrote “I’ve principally strapped myself with a bomb vest, f*cking dr0pping capitol ones dox and admitting it.”
Later, on July 5, Thompson wrote “I’ve an entire listing of issues that can guarantee my involuntary confinement from the world,” she wrote. “The type that they will’t ignore or brush off onto the disaster clinic. I’m by no means coming again.”