Capital One Hacker 'Breached 30 Organizations And Mined Cryptocurrency, ' Claims DOJ

[InfoSec News <alerts () infosecnews org>]

https://www.forbes.com/sites/thomasbrewster/2019/08/29/alleged-capital-one-hacker-breached-30-organizations-and-mined-cryptocurrency/

By Thomas Brewster
Forbes Staff
Cybersecurity
August 29, 2019

Former Amazon employee Paige Thompson has been accused of not only hacking 
Capital One, but another 30 companies and in some cases using their 
servers to mine cryptocurrency.

An indictment unsealed on Wednesday revealed the full scale of the 
government's allegations against Paige. She was arrested in July for the 
Capital One breach that affected as many as 100 million customers who'd 
applied for credit cards with the bank. That data was stored on a 
vulnerable Amazon server, misconfigured by the bank.

Though the indictment doesn't name Amazon, but instead refers to a "cloud 
computing company," it's highly likely to be Jeff Bezos' tech giant. 
Forbes previously had access to a Slack channel where Paige discussed 
gaining access to Amazon Web Services (AWS) servers.

Thompson acquired access to company computer login details, pilfered from 
open Amazon servers, the government alleged. She would then abuse control 
over those computers to both steal data and use up processing power to 
mine cryptocurrency, according to the indictment. Such mining is often 
referred to as cryptojacking.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_