Yikes

Ex-Amazon employee convicted in 2019 Capital One hack after bragging online

“She wanted data, she wanted money, and she wanted to brag.”

Andrew Friedman, Assistant United States Attorney

Server racks in computer network security server room data center, 3d rendering.
Shutterstock

A jury has convicted a former Amazon software engineer, Paige Thompson, for her infamous 2019 hack of over 30 clients utilizing Amazon Web Services, including Capital One, in one of the largest data breaches in American history. Over the course of a seven-day trial, prosecutors successfully argued that Thompson, who worked at the Big Tech giant until 2016, was able to gain access by exploiting companies’ misconfigured AWS accounts to subsequently steal personal information, as well as install cryptocurrency miners on servers that directly deposited into her own wallets.

Over 100 million people across the United States and Canada were affected by Thompson’s hacks, prompting Capital One to eventually issue a $190 million class-action lawsuit settlement regarding the breach last December atop their earlier $80 million paid out in regulatory fines.

“She wanted data, she wanted money, and she wanted to brag,” Assistant United States Attorney Andrew Friedman told jurists during his closing arguments. Thompson was convicted on seven counts ranging from wire fraud to illegally accessing and damaging a protected computer, although she was found not guilty of aggravated identity theft and access device fraud.

NICHOLAS KAMM/AFP/Getty Images

All kinds of personal data involved — According to CNBC, Thompson’s hacking exploits eventually resulted in the software engineer nabbing around 120,000 Social Security numbers and 77,000 bank account numbers. The impressive scope was not lost at all on Thompson herself, who ended up getting nabbed by police after someone reported her to authorities for boasting about the heist on GitHub. Thompson is now scheduled to be sentenced on September 15 — some of her convictions can garner up to 20 years in prison.

A lengthy paper trail — Authorities had plenty of receipts documenting Thompson’s theft, according to reports shortly following her arrest — hundreds of Slack messages, social media posts, and communications with fellow individuals. “Sketchy shit,” one person responded via Slack after seeing Thompson’s provided evidence at the time. “Don’t go to jail plz.”