- A former software engineer named Paige A. Thompson hacked into Capital One’s systems and accessed the information of more than 100 million credit-card applicants and customers, federal prosecutors said. An FBI agent said he tracked her down after she talked about it online.
- Thompson was arrested by the FBI in Seattle on Monday and charged with a single count of computer fraud and abuse.
- In the criminal complaint, the FBI agent, Joel Martini, laid out evidence he found on GitHub, Slack, Meetup, and Twitter.
A software engineer in Seattle was behind a Capital One data breach that affected more than 100 million credit-card applicants and customers in the US and Canada, prosecutors alleged in a criminal complaint on Monday.
Paige A. Thompson, a former Amazon employee, was arrested by the FBI in Seattle and appeared in court on Monday. She was charged with a single count of computer fraud and abuse. If convicted, she could face a sentence of up to five years in prison and a $US250,000 fine.
The breach occurred on March 22 and 23, the complaint said. Capital One, the fifth-largest credit-card issuer in the US, said the largest category of compromised information involved consumers and small businesses that applied for credit cards between 2005 and early 2019.
In the complaint, an FBI agent, Joel Martini, laid out evidence he found on GitHub, Slack, Meetup, and Twitter.
The Capital One hacker stored incriminating info on a github page linked to her real name & admitted to crimes on Slack, w/a username she used on other social media.
1) Don’t commit crimes.
2) Anything you say or do on most websites/apps can be shared w/governments. https://t.co/8wTtIAr8Jc
— Tiffany C. Li (@tiffanycli) July 30, 2019
Kevin Mitnick, a computer-security consultant and convicted hacker, also posted on Twitter about the incident.
The indictment of Paige Thompson clearly indicates she wanted to be caught.
Breaking into Capital One and posting about it in Slack is beyond stupid.
Her time should have been spent on bug bounties rather than unauthorized intrusions.
— Kevin Mitnick (@kevinmitnick) July 30, 2019
Scroll down to see the evidence in the complaint that led to Thompson’s arrest:
The criminal complaint alleges that Thompson posted on the code-sharing website GitHub that she had hacked into Capital One.
The complaint, filed with the US Attorney’s Office for the Western District of Washington, said Thompson posted on GitHub on April 21 about the leaked information.
The post, dubbed the “April 21 File,” contained “a list of more than 700 folders or buckets of data,” as well as code for three commands to obtain Capital One’s credentials and extract data, the complaint said.
Another user spotted the post and flagged it to Capital One on July 17, the complaint said. Two days later, the credit-card company contacted the FBI, and investigators began looking into the account that posted the information.
The complaint said the GitHub address where the “April 21 File” was posted included Thompson’s full name and a link to a GitLab page that had a résumé indicating she was a systems engineer.
Martini said he found a Slack channel where a user named “erratic,” believed to be Thompson, posted incriminating messages about the information theft.
Martini said he found a group organised by Thompson on a platform called Meetup that had an invitation code for a channel on Slack, a team-chat service.
The complaint said that on June 26, one of the users, “erratic,” believed to be Thompson, posted “a list of files” that they “claimed to possess.”
A screenshot of a Slack conversation included in the complaint showed a user telling “erratic” not to go to jail and “erratic” responding with “I wanna get it off my server thats why Im archiving all of it lol.”
The complaint alleges that Thompson messaged a person on Twitter about the stolen information, saying she had “basically strapped myself with a bomb vest.”
The complaint said that on June 18, a Twitter user believed to be Thompson exchanged direct messages about the data breach with another person on the site.
A screenshot included in the complaint showed the user saying they wanted to “distribute those buckets” of information they obtained.
Martini said the message indicated that Thompson “intended to disseminate data stolen from victim entities, starting with Capital One.”
The complaint characterised another message in the screenshot as an acknowledgment that the information “buckets” included Social Security numbers with full names and dates of birth tied to the Capital One accounts.