Ex-Amazon employee, arrested last month over Capital One data breach, has also been accused of hacking over 30 more companies. In addition to stealing data, Paige Thompson allegedly used the compromised servers to mine cryptocurrency.
Hacking The Hand That Feeds You
The FBI arrested Thompson at the end of July, concerning a massive data breach at Capital One. The hack had exposed over 100 million credit card applicants personal details, including social security numbers and bank accounts.
However, a federal grand jury this week charged her with two counts of fraud pertaining to over 30 other entities.
Thompson stole the data from misconfigured servers hosted with a cloud computing company. The indictment doesn’t name which cloud computing company, but Thompson is an ex-employee of Amazon Web Services… which provides cloud computing services to Capital One.
Compromised Servers Also Used For Cryptojacking
Not content with hacking the servers and stealing data, Thompson also allegedly used the servers processing power to mine cryptocurrency. From the Indictment:
It was further part of the scheme and artifice that PAIGE A. THOMPSON used her unauthorised access to certain victim servers – and the stolen computing power of this servers – to “mine” cryptocurrency for her own benefit, a practice often referred to as “cryptojacking.”
Amazon Web Services itself was not compromised, despite the fact, the Thompson is an ex-employee. Access to the servers was due to misconfiguration by Capital One, rather than a vulnerability in Amazon’s infrastructure.
The authorities discovered Thompson’s activities after she posted details of the Capital One hack on her GitHub account. There is no evidence of her trying to sell or disseminate any of the stolen data.
Cryptojacking On The Rise
Cryptojacking appears to be on the rise, with IBM reporting earlier this year that it has overtaken ransomware as the crypto-cybercrime of choice. A recent report by McAfee (the security company, not the crypto-stalwart who founded it) suggests that cryptojacking campaigns rose 29% in the first quarter of this year.
How do you think will these privacy violations and data breach isuues be addressed? Let us know n the comments below.
Images via Bitcoinist Image Library