Former Amazon employee accused of stealing 106 million user information from Capital One

Capital One revealed on Monday that information on 100 million US residents and 6 million Canadian residents was stolen. An Amazon AWS employee, Paige A. Thompson, 33 was arrested on Monday, accused of invading the Capital One network and stealing sensitive data from users. The exposed user information includes name, income, birthday, address, mobile number, email address, the social security number of 140,000 US users and 1 million Canadian users was stolen, and 80,000 bank accounts were accessed.

Thompson was accused of exploiting a vulnerability in the Capital One’s network firewall to execute a series of commands on its server, one of which was used to obtain credentials for the administrator account known as “*****WAF-Role.”

Capital One leased AWS’s servers, IP addresses and other evidence showed that Thompson exploited the vulnerability and published the data in its Github account. Thompson tried to use IPredator’s VPN and Tor to hide the intrusion and published many intrusions on social media. Capital One officials also received an email dated July 17 from someone reporting that sensitive data was posted to Thompson’s Github account.

Via: arstechnica