The ex-Amazon employee who allegedly hacked into the 5th largest credit card company in the US posted about it online, the FBI says.

Business Insider US

Paige A. Thompson was arrested by the FBI in Seattle and accused of the massive Capital One hack.
Chris Helgren/Reuters
  • Former software engineer Paige A. Thompson hacked into Capital One systems and accessed information to more than 100 million credit card customers, according to prosecutors. Authorities say they tracked down the suspect after she allegedly talked about it online.
  • Thompson was arrested by the FBI in Seattle and was charged with a single count of computer fraud and abuse.
  • FBI agent Joel Martini laid out evidence, which was found online on Github, Slack, Meetup, and Twitter, in the criminal complaint.
  • For more stories, go to Business Insider South Africa.

A software engineer in Seattle was behind the major Capital One data breach, which impacted over 100 million credit card customers in the US and Canada, prosecutors alleged in a criminal complaint.

Paige A. Thompson, a former Amazon employee, was arrested by the FBI in Seattle and appeared in court on Monday. She was charged with with a single count of computer fraud and abuse, and could face a sentence of up to five years in prison and a $250,000 fine.

The breach occurred on March 22 and 23, 2019. According to Capital One, the largest category of information that was compromised involved consumers and small businesses who applied for credit cards between 2005 and early 2019.

FBI agent Joel Martini laid out evidence, which was found online on Github, Slack, Meetup, and Twitter, in the criminal complaint.

Kevin Mitnick, computer security consultant and convicted hacker, also posted on Twitter about the incident.

Scroll down to see the evidence that led to Thompson's arrest:

The criminal complaint alleges Thompson posted that she hacked Capital One on the code-sharing site GitHub.

Department of Justice

According to the US Attorney's Office for the Western District of Washington, Thompson posted about the leaked information to the site GitHub on April 21. The post, dubbed the "April 21 File" in the criminal complaint, contained "a list of more than 700 folders or buckets of data," as well as three commands that functioned to obtain Capital One's credentials and extract data.

Another user spotted the post and flagged it to Capital One on July 17, the complaint alleges. Two days later, the credit card company contacted the FBI to report the incident, and investigators began to look into the account that posted the information.

The complaint states that the GitHub address where the "April 21 File" was posted included Thompson's full name, as well as link to GitLab, which had a resume that included her address and indicated that she was a systems engineer.

Martini found a Slack channel where he alleges Thompson posted incriminating messages about the information theft.

Department of Justice

Through open source research, Martini found a group organized by Thompson on Meetup, an online platform where users can build communities, according to the 12-page complaint.

The Meetup group had a invitation code to a Slack channel, which is a service for team collaboration. One of the users, named "erratic," posted "a list of files that [the user] claimed to possess" on June 26, according to the complaint.

A screenshot of the Slack conversation showed one of the members warning user "erratic" not to go to jail, and "erratic" responds saying "I wanna get it off my server thats [sic] why Im [sic] archiving all of it," referring to the stolen information.

The complaint alleges that the username "erratic" was used by Thompson.

The complaint alleges Thompson direct-messaged another Twitter user about the stolen information, saying she has "basically strapped [herself] with a bomb vest."

Department of Justice

On Twitter, Thompson allegedly exchanged direct messages with an unidentified individual about the data breach on June 18, the complaint states.

The screenshot of the messages showed that Thompson wanted to "distribute" the "buckets" of information that she obtained. According to the complaint, Martini wrote that the suspect "intended to disseminate data stolen from victim entities, starting with Capital One."

The complaint claims Thompson also acknowledged the information at her disposal in a subsequent message, saying that the information "buckets" include Social Security numbers with full names and dates of birth of the compromised Capital One accounts.

Receive a single WhatsApp every morning with all our latest news: click here.

Also from Business Insider South Africa:

Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo