https://www.forbes.com/sites/thomasbrewster/2019/08/29/alleged-capital-one-hacker-breached-30-organizations-and-mined-cryptocurrency/
By Thomas Brewster
Forbes Staff
Cybersecurity
August 29, 2019
Former Amazon employee Paige Thompson has been accused of not only hacking
Capital One, but another 30 companies and in some cases using their
servers to mine cryptocurrency.
An indictment unsealed on Wednesday revealed the full scale of the
government's allegations against Paige. She was arrested in July for the
Capital One breach that affected as many as 100 million customers who'd
applied for credit cards with the bank. That data was stored on a
vulnerable Amazon server, misconfigured by the bank.
Though the indictment doesn't name Amazon, but instead refers to a "cloud
computing company," it's highly likely to be Jeff Bezos' tech giant.
Forbes previously had access to a Slack channel where Paige discussed
gaining access to Amazon Web Services (AWS) servers.
Thompson acquired access to company computer login details, pilfered from
open Amazon servers, the government alleged. She would then abuse control
over those computers to both steal data and use up processing power to
mine cryptocurrency, according to the indictment. Such mining is often
referred to as cryptojacking.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
