Paige Thompson, the hacker behind the recent Capital One data breach, was using the servers of over 30 companies to mine cryptocurrency. She was able to access backend servers by misconfiguring their firewalls.
It seems that the individual responsible for the recent Capital One hack was also mining cryptocurrency illicitly. Paige Thompson, a 33-year old software developer, was apparently also able to tap into more than 30 company cloud servers to access private information.
Thompson’s hack of Capital One compromised some 106M customer profiles, but it seems the extent of her black hat hacking was much more a high-profile case than previously thought. The now-unsealed indictment writes that she “created scanning software that allowed her to identify customers of a cloud computing company who had misconfigured their firewalls.” With this strategy, she was able to access backend servers, download private data, and also set up cryptocurrency mining operations.
The 30+ companies and organizations which were compromised by Thompson have not yet been revealed by the Department of Justice. However, it is alleged that the victims included public sector agencies, a telecommunication company, and a university as well. Law enforcement was tipped off to Thompson’s responsibility in the hack via her GitHub activity, as she was sharing the stolen data on the platform.
However, the Department of Justice did say that there is no evidence that Thompson “sold or disseminated any of the information she accessed.” So, for the time being, it seems that the Capital One data breach did not end up hurting anyone, but it’s still unclear if Thompson was planning on selling the data at a later date.
It is possible that we may soon hear about the Department of Defense’s intention to seize Thompson’s cryptocurrency assets. For now, no information has emerged on how much she was able to mine during her operation.
How was Thompson able to hack these systems so easily? Would you say far too many company data systems are weak and have limited security? Let us know your thoughts below in the comments.
Buy and trade cryptocurrencies with a 100x multiplier on our partner exchange, StormGain.
Images courtesy of Shutterstock.