advertisement
advertisement
advertisement

Everything we know about the alleged Capital One hacker

Everything we know about the alleged Capital One hacker
[Photo: Tdorante10/Wikimedia Commons]

Federal prosecutors in Seattle charged 33-year-old software engineer Paige A. Thompson Monday with stealing data from millions of credit card applications from banking giant Capital One.

advertisement

The breach was discovered after someone emailed Capital One reporting that some “leaked S3 data” belonging to Capital One was posted on GitHub’s Gist text-sharing service, according to court documents, referring to Amazon’s Simple Storage Service.

Thompson worked at Amazon on S3 from May 2015 through September 2016, according to a resume posted on her page at GitLab, another popular site for sharing code repositories. An Amazon spokesperson has confirmed she last worked at the company in 2016 but said the hack didn’t require any insider knowledge, Bloomberg reports.

Thompson dropped out of Washington’s Bellevue Community College for a “career opportunity” and then held a variety of tech jobs, including running her own business called Netcrave Communications, according to her resume.

In addition to posting software projects and thoughts on technology on social media, Thompson also posted about struggles with mental health and other personal issues on her Twitter account in recent weeks. She allegedly also hinted at hacking activities on a public Slack server she maintained, leading another user to reply “don’t go to jail plz,” according to court documents. On Twitter, she also appeared to allude to the possibility of being prosecuted for criminal hacking.

According to a report by security writer Brian Krebs, Thompson also alluded to “struggles with gender identity, lack of employment, and persistent suicidal thoughts” in her posts on Slack. The Slack server appears to have since been deleted.

Thompson was ordered held at least until a hearing on Thursday, prosecutors said. She could face up to five years in prison and a $250,000 fine for the present charge of computer fraud and abuse.

advertisement
advertisement