Convicted of a former AWS engineer who stole more than 100 million personal information by hacking into AWS
Former Amazon Web Services (AWS) engineer Page Thompson was convicted of hacking into a customer's cloud storage and leading to a mass leak of personal information from US financial services giant Capital One. At the time of writing, no specific sentence has been sentenced, but Thompson is expected to be sentenced to up to 20 years in prison.
Former Seattle tech worker convicted of wire fraud and computer intrusions | USAO-WDWA | Department of Justice
Ex-Amazon Worker Convicted in Capital One Hacking --The New York Times
Former Amazon employee convicted over 2019 Capital One hack --The Verge
Thompson was suspected of having five unauthorized access to his computer, as well as communication fraud and damage to his protected computer. According to the prosecution, Thompson developed a tool to scan AWS accounts in 2019, searched for accounts with misconfigured firewalls on the server, and data from more than 30 companies including Capital One. Was hacked and downloaded.
This hack is a misconfiguration of the firewall on the server, and some of the stolen information includes the user's name, address, phone number, email address, date of birth, annual income, and limits, in addition to credit card information. The amount, payment history, etc. were included.
In addition, Thompson said that he had installed virtual currency mining software on the server and sent the income to his wallet. Defendant Thompson posted on GitHub content that boasted of his crimes. Thompson was arrested in July 2019 after being notified by a GitHub user who saw it.
Defendant Nick Brown said, 'Thompson used his hacking skills to steal the personal information of more than 100 million people and hijacked computer servers to mine cryptocurrencies. Ethics to protect corporate computer security. Instead of being a typical hacker, she used her mistakes to steal valuable information and try to fertilize her pockets. '
Communication fraud can be imprisoned for up to 20 years, and unauthorized access or damage to protected computers can be imprisoned for up to 5 years each. The final sentence will be decided on September 15, 2022.
Capital One has been fined $ 80 million and paid a total of $ 190 million in settlements to the customers who filed the proceedings.