A major controversy is brewing up for Capital One Hacker Paige Thompson who reportedly hacked into cloud servers of 30 other companies and gained access to their sensitive information. Thompson used this data for cryptocurrency mining.
Capital One hacker strikes again
Thompson is a former employee of Amazon who breached into Capital One’s servers. The credit card issuer company’s hack created a huge scandal in the industry. The Seattle-based woman exploited her position as a software engineer to get access to Amazon Web Services (AWS) servers.
She stole personally-identifying and damaging information about the company’s users, which include their payments history, date of birth, income, email addresses, and credit card codes. She also managed to scrape off 140,000 Social Security numbers of the users.
In July, Capital One revealed that the breach had affected over 100 million customers of the company. The hacker used the data to mine digital currencies.
Now she is also being called the main culprit behind the hack of 30 other companies. Instead of using a vulnerability on their servers, she simply accessed their servers by providing the username and passwords of their administrators. Thompson, who was identified as the person behind the username “erratic” was charged with one count of computer fraud and abuse.
Cryptojacking becomes more rampant
Cryptojacking is an event where a hacker takes control of a user’s device and uses its resources to mine digital currencies. Most hackers introduce complex malware into the user’s machines that can execute remote commands and help the miners run undetected. According to US prosecutors, Thompson did exactly the same. She used the data leaked during the hack to compromise the machines of users and mine digital currency. Wednesday’s court document filings show that the company detected the fraud on July 19 but did not go public until July 29.
Cybersecurity company McAfee suggests that the instances of crypto mining using some kind of malware increased by 4,000% in 2018. In most cases, a hacker would introduce a malicious link to the computer, which could start digital currency mining. This type of malware can be avoided by following a few simple due diligence methods.
However, the case of Capital One and 30 other companies that Thompson hacked is different. It denotes the threats existing within the cloud ecosystem of a company that could create significant damage to its profits, reputation and user data.