Information Security News mailing list archives
Capital One Hacker 'Breached 30 Organizations And Mined Cryptocurrency, ' Claims DOJ
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 3 Sep 2019 09:49:04 +0000 (UTC)
https://www.forbes.com/sites/thomasbrewster/2019/08/29/alleged-capital-one-hacker-breached-30-organizations-and-mined-cryptocurrency/ By Thomas Brewster Forbes Staff Cybersecurity August 29, 2019Former Amazon employee Paige Thompson has been accused of not only hacking Capital One, but another 30 companies and in some cases using their servers to mine cryptocurrency.
An indictment unsealed on Wednesday revealed the full scale of the government's allegations against Paige. She was arrested in July for the Capital One breach that affected as many as 100 million customers who'd applied for credit cards with the bank. That data was stored on a vulnerable Amazon server, misconfigured by the bank.
Though the indictment doesn't name Amazon, but instead refers to a "cloud computing company," it's highly likely to be Jeff Bezos' tech giant. Forbes previously had access to a Slack channel where Paige discussed gaining access to Amazon Web Services (AWS) servers.
Thompson acquired access to company computer login details, pilfered from open Amazon servers, the government alleged. She would then abuse control over those computers to both steal data and use up processing power to mine cryptocurrency, according to the indictment. Such mining is often referred to as cryptojacking.
[...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Capital One Hacker 'Breached 30 Organizations And Mined Cryptocurrency, ' Claims DOJ InfoSec News (Sep 03)